Chapter 1. The Philosophy of System Administration
What would happen if that person were to attempt to subvert our security?
Note
This does not mean that you should treat your coworkers as if they are criminals. It just means that
you should look at the type of work that each person performs, and determine what types of security
breaches a person in that position could perpetrate, if they were so inclined.
1.7.1. The Risks of Social Engineering
While most system administrators' first reaction when they think about security is to concentrate on
the technological aspects, it is important to maintain perspective. Quite often, security breaches do not
have their origins in technology, but in human nature.
People interested in breaching security often use human nature to entirely bypass technological access
controls. This is known as social engineering. Here is an example:
The second shift operator receives an outside phone call. The caller claims to be your organization's
CFO (the CFO's name and background information was obtained from your organization's website,
on the "Management Team" page).
The caller claims to be calling from some place halfway around the world (maybe this part of the
story is a complete fabrication, or perhaps your organization's website has a recent press release that
makes mention of the CFO attending a tradeshow).
The caller tells a tale of woe; his laptop was stolen at the airport, and he is with an important customer
and needs access to the corporate intranet to check on the customer's account status. Would the
operator be so kind as to give him the necessary access information?
Do you know what your operator would do? Unless your operator has guidance (in the form of policies
and procedures), you very likely do not know for sure.
Like traffic lights, the goal of policies and procedures is to provide unambiguous guidance as to what
is and is not appropriate behavior. However, just as with traffic lights, policies and procedures only
work if everyone follows them. And there is the crux of the problem: it is unlikely that everyone
will adhere to your policies and procedures. In fact, depending on the nature of your organization, it
is possible that you do not even have sufficient authority to define policies, much less enforce them.
What then?
Unfortunately, there are no easy answers. User education can help; do everything you can to help make
your user community aware of security and social engineering. You can also make yourself available
as a sounding board for users' questions about things that do not seem quite right.
1.8. Plan Ahead
A system administrator who took all the previous advice to heart and did their best to follow it would
be a fantastic system administrator for a day. Eventually, the environment will change, and one day
our fantastic administrator would be caught flat-footed. The reason? Our fantastic administrator failed
to plan ahead.
Certainly no one can predict the future with 100% accuracy. However, with a bit of awareness it is
easy to read the signs of many changes:
An offhand mention of a new project gearing up during that boring weekly staff meeting is a sure
sign that you will likely need to support new users in the near future.