To move to a more complicated security example, let’s see how a couple of simple mistakes can lead
to a misapplication of Ockham’s Razor.
Example_User is a user in the EXAMPLE Domain. This person has two accounts on the Internet, one for
books and one for jewelry, 4 email accounts, and is also an Enterprise Administrator for the Example
Domain.

Internet Book Store
Login: login1@freemail.com
Password: 1ReMM&2ndDEVICE#

Internet Jewelry Store
Login: myUserName@anotherfreemail.com
Password: A*isBourne$YETI!

Corporate User Login
Login: Example_User
Password: $M0neyThat’sWhatIWant!
Domain: EXAMPLE
Email: example_user@example.corp

Corporate Enterprise Admin Login
Login: Example_EA
Password: WOW!I’mAnEntAdminForExample!!!
Domain: EXAMPLE
Email: example_EA@example.corp

Intranet Web Server
Login: Example_User
Password: $M0neyThat’sWhatIWant!
Domain: EXAMPLE

All of these passwords and logins are too much for Example User to remember. Example User
believes that writing a password down is a horrible breach of security, so Example User decides to
do some research into the Internet Book Store and the Internet Jewelry Store and finds out the
following:
• The servers used to store account information are located in a highly secure building – more security than his company’s buildings
• The servers used to handle account information meet higher security standards than his company’s servers
• The servers that handle a user logging-in utilize a higher security cipher suite than his company’s servers
• The servers reside in a location that is required by law to report any breach in privacy of information. His company was not under the same obligation for its own employees.
Based upon this information, Example User decides to apply Ockham’s Razor and this results in:

Internet Book Store
Login: example_EA@example.corp
Password: WOW!I’mAnEntAdminForExample!!!

Internet Jewelry Store
Login: example_EA@example.corp
Password: WOW!I’mAnEntAdminForExample!!!

Corporate User Login
Login: Example_User
Password: WOW!I’mAnEntAdminForExample!!!
Domain: EXAMPLE
Email: example_user@example.corp

Corporate Enterprise Admin Login
Login: Example_EA
Password: WOW!I’mAnEntAdminForExample!!!