Skip to main content
The 2024 Developer Survey results are live! See the results
Information Security

Return to Answer

fixed grammar
Source Link
edit approved Jun 25, 2018 at 15:07
eclipz905
edit approved Jun 25, 2018 at 15:07
eclipz905
  • 109
  • 2

Risk of Repudiation

In addition to all the fine answers about employees as a threat and visitors as a threat, I think you have to consider the fact that the mere fact that the traffic is unencrypted is of itself a vulnerability even in the total absence of hackers.

You are setting yourself up for a situation where any employee who does something they are not supposed to do (by mistake or on purpose) and then is called out on it can deny that it was actually them. Normally, you the manager would just say, "we know it was you because you were logged in". In this case the accused employee can reasonably reply "the login is worthless and you know it. Anyone on the LAN could ofhave sniffed my password and done this bad thing posing as me."

Risk of Repudiation

In addition to all the fine answers about employees as a threat and visitors as a threat, I think you have to consider the fact that the mere fact that the traffic is unencrypted is of itself a vulnerability even in the total absence of hackers.

You are setting yourself up for a situation where any employee who does something they are not supposed to do (by mistake or on purpose) and then is called out on it can deny that it was actually them. Normally, you the manager would just say, "we know it was you because you were logged in". In this case the accused employee can reasonably reply "the login is worthless and you know it. Anyone on the LAN could of sniffed my password and done this bad thing posing as me."

Risk of Repudiation

In addition to all the fine answers about employees as a threat and visitors as a threat, I think you have to consider that the mere fact that the traffic is unencrypted is of itself a vulnerability even in the total absence of hackers.

You are setting yourself up for a situation where any employee who does something they are not supposed to do (by mistake or on purpose) and then is called out on it can deny that it was actually them. Normally, you the manager would just say, "we know it was you because you were logged in". In this case the accused employee can reasonably reply "the login is worthless and you know it. Anyone on the LAN could have sniffed my password and done this bad thing posing as me."

Source Link
AllInOne
AllInOne
  • 467
  • 3
  • 6

Risk of Repudiation

In addition to all the fine answers about employees as a threat and visitors as a threat, I think you have to consider the fact that the mere fact that the traffic is unencrypted is of itself a vulnerability even in the total absence of hackers.

You are setting yourself up for a situation where any employee who does something they are not supposed to do (by mistake or on purpose) and then is called out on it can deny that it was actually them. Normally, you the manager would just say, "we know it was you because you were logged in". In this case the accused employee can reasonably reply "the login is worthless and you know it. Anyone on the LAN could of sniffed my password and done this bad thing posing as me."