It is very important for the growing up employees as an administrator, you’ve no doubt heard countless horror stories of data being accessed
as a result of stupidity. Users write their passwords on scraps of paper and tape them to the
monitor because the length/complexity requirements have made the passwords too difficult
to remember. Other users go home without logging out and never return; the terminal stays
logged in indefinitely, allowing an attacker to sit at it and copy key files. These stories may
sound too unrealistic to believe, but there is some truth to them.
For this scenario, you’ll need to put yourself in the position of an outsider wanting to find
any sliver of data that can be used to allow you to gain access to a network. That sliver of
data could be a user’s password, the name and location of a data file, or anything else of
a sensitive nature. From that perspective, see if you can answer these questions:
- How often do users change their passwords, and how d NN o they go about memorizing their new ones for the first few days? Do they write them down and carry them in their belongings? Do they stick a piece of paper in a drawer (and if so, is it locked)?
- What happens to sensitive information that’s printed? Is it shredded or just tossed in the wastebasket? Who collects the trash—a contracted service provider or the city?
- Crucial data, such as backup sets, are stored off-site. Where are they stored? Would it be easier to break in and get that data than to break into the network? How many people know where the backup sets are?
These are a few of the questions you must ask as an administrator in order to keep your
data safe. Your answers can help you determine whether you need to make the workplace
more secure.
- Security+
No comments:
Post a Comment