Why idle users should be killed (was Re: Preventing Idle in telnet)

[Doug Gwyn]

In article <4133 at lib.tmc.edu> jmaynard at thesis1.hsch.utexas.edu (Jay Maynard) writes:
>In article <13970 at smoke.BRL.MIL> gwyn at smoke.BRL.MIL (Doug Gwyn) writes:
>>Seriously, you seem to imply that there is some sort of "problem"
>>that needs to be solved.  Just what IS the problem?
>This is primarily a security issue. The problem is that users will walk off
>and leave their terminals logged on, thus allowing someone else to walk up
>to the terminal and gain the security privileges of the original user.

Ah, but you don't solve that problem by timing out the connection after
a certain amount of inactivity; you merely reduce the time during which
some unauthorized person can exploit this situation.  To solve the problem,
you need to educate your users in the necessity of logging off or at least
running some sort of approved "terminal lock" program when leaving their
terminal unattended, and they must be convinced that they should do it AND
that failure to cooperate in computer security matters will result in
suitable corrective action, such as firing them or removing their access.
People problems need people solutions; attempts to automate technical
solutions generally don't really work.