In many ways, it is impossible to provide complete security to any data. The ultimate protection would be to hide or destroy data so that no one could ever see it. Of course, no one could use the data. Problems arise because some people need to use data, but the organization also needs to control who can see and use certain information. One of the most difficult aspects of computer security is controlling access without interfering with the business and employee privacy.
Jenny has been working for a large company for the last three years. Axel was hired two months ago—he is a little more enthusiastic in his use of computers. Axel also has little faith in central administrators and rules.
|
(Office, 9:15 AM) |
|
| Axel: | Hey Jenny, check out these silly new rules. These guys have gone too far this time. It says here that certain employees can only access these accounts during working hours! |
| Jenny: | Really? Did you see the new PCs that MIS just delivered? They have warning stickers and special screws. We’re not even allowed to open the cases. |
| Axel: | What are they worried about anyway? There’s nothing in there to steal. Besides, it wouldn’t take 30 seconds to get that screw out. |
| Jenny: | I don’t know. I guess they’re worried about us altering the machines. Or maybe they’re afraid we’ll do something to the network interface card to break security on the network. |
| Axel: | Well, too bad. I need to install my CD-ROM, and I’m not going to sit around and wait for tech support to get here. These rules are getting ridiculous. |
|
(Security center, 7:02 PM) |
|
| Billy: | Hey Taggert, check out this report from the computer activity monitor. It says that Jenny down in finance is still logged in. |
| Taggert: | So, I’ve seen her work late some nights. She’s on the authorized list, isn’t she? |
| Billy: | Yeah, but I swear I passed her in the hall when I got back from dinner. Hang on, let’s check the security logs . . . Yeah. There it is. She checked out at 6:32 PM. Let’s see . . . Yeah, the parking garage gate records show she drove out at 6:38 PM. That doesn’t give her time to get home and call in. |
| Taggert: | Okay, then let’s see who’s logged on . . . The network monitor says the activity is coming from a machine in her office area. Run a quick personnel scan and see who hasn’t checked out from that area yet. I’ll start the logs so we can record everything. |
| Billy: | The only one left is that new guy: Axel. His security background check came up negative, but there’s not a lot of information about him. No suspicious associations, just a typical college graduate . . . |
| Taggert: | Well, do a quick financial scan on him. The computer logs show Jenny’s machine going online right about when his machine was switched off. I’m getting some weird feedback from his machine. Remind me to check out the security card in his computer later. |
| Billy: | Well, there’s nothing unusual in this credit analysis. Just the usual: He was late with a couple rent payments, some heavy credit card purchases, . . . wait, he did just buy a new car. Think it means anything? |
| Taggert: | Maybe. Hang on, let’s bring up the machine he’s using . . . There. Now we can see everything he’s doing. |
| Billy: | Sure, but it doesn’t make much sense to me. Looks like he’s running some sort of statistical analysis . . . That’s a report writer and a word processor running in the background. How do we know it’s Axel? Maybe Jenny forgot and left her machine running? |
| Taggert: | Hang on a second, wait until we get some keyboard activity. OK, there we go. Now, bring up the security camera over here . . . Yeah, there he is . . . |
| Billy: | What’s that on the side? Looks like a dismantled PC . . . |
| Taggert: | Yeah, that’s probably why I had trouble earlier. Well, I don’t know what he’s doing, but we’ve got him on at least two major security violations. The access one is a felony. That’s enough for me. Send a termination notice to human resources, and let’s go get him out of here. I’m locking up his computer now. |
|
(Office, 8:18 PM) |
|
| Billy: | Okay, Axel, hold it right there. |
| Axel: | What the . . .? Who are you guys? |
| Taggert: | Corporate security. Come with us . . . |
| Axel: | What? Look, if it’s about the computer, I can explain, mine broke, and . . . |
| Taggert: | We don’t want to hear it. You can confess tomorrow. Your boss can decide if we call in the police. Either way, you’re out of here. Billy, escort him out. Then follow him home. Make sure he’s here by 8:00 tomorrow morning. If he tries to leave, call the police and have him arrested. |
Questions