Physically Challenged Information Security
Posted by John Verry on Thu, Jul 02, 2009 @ 09:23 AM
In a case of the fox guarding the hen house, "GhostExodus", a former hospital security guard and a renowned hacker, was arrested for planting malicious code on the hospital network as part of a planned massive July 4th DDoS attack.
Scary stuff, but not as uncommon as you may imagine. One of our clients was largely "down" for 36 hours after "voices" advised a security guard to plug in and power a spare switch in the data center and randomly plug cables into it. Can you say infinite loop?
Unfortunately, there are no easy answers. Background checks are critical but not foolproof. Restricting access to "need to know" and monitoring privileged access are painful, but very valuable. A (different) client of ours just fully segregated the guards onto their own VLAN, as they noted that the guards had been "poking around".
So the next time you smile and roam past the security guard and he doesn't even lift his head from the computer screen ... you may want to find out what he is doing.