610    Chapter 11 • Operational and Organizational Security: Incident Response

                 Access logs require anyone entering a secure area to sign in before entering.
             When visitors require entry, such as when consultants or vendor support staff need
             to perform work in a secure room, an employee of the firm must sign the person
             in. In doing so, the employee vouches for the credibility of the visitor, and takes
             responsibility for this person’s actions.The access log also serves as a record of who
             entered certain areas of a building. Entries in the log can show the name of a vis-
             itor, the time this person entered and left a location, who signed them in, and the
             stated purpose of the visit.
                 Even after a visitor has been given access to an area, a member of the organiza-
             tion should accompany them whenever possible. Doing so ensures that the visitor
             stays in the areas where they are permitted. It also provides a measure of control to
             ensure that the visitor does not tamper with systems or data while they are there.
                 Chaperoning someone who has been given clearance to an area is not always
             possible or desirable. For example, if you have hired an outside party to install
             equipment that is needed for Internet access, you may not want to stand beside the
             installer for an extended period of time. However, workers can be monitored in
             high security locations using video cameras to provide electronic surveillance.This
             provides a constant eye, and allows for review of their actions if an incident occurs.
                 Alarms are another method of notifying people of unauthorized access.Alarms
             can be put on doorways, windows, and other entrances, and set to go off if
             someone enters an area and fails to follow proper procedures. If someone enters an
             incorrect PIN number to unlock a door, or opens a door without deactivating the
             alarm properly, a noise will sound or a signal will be sent to a person or company
             that monitors alarms.Additionally, any number of added defenses can be used to
             sense entry into a secured location. Motion detectors can be used to sense any
             movement in a room, heat sensors can be used to detect body heat, and weight
             sensors can be used to detect the added weight of a person on the floor.While
             such elaborate methods may not be needed everywhere within a building, they are
             viable solutions to detecting unauthorized entries.
                 Computers can also be configured to prevent unauthorized access by locking
             them with passwords. Computers can provide screensavers with password protec-
             tion, so that anyone without the password is unable to access the system. For
             example, Novell NetWare servers provide a password-protected screensaver that can
             be activated by entering the command SCRSAVER ACTIVATE from the server
             prompt.
                 To deactivate the password, the user needs to enter a username and password
             with sufficient privileges.Windows computers also provide password protection on
             screensavers, which prevents access to the machines while the owner or designated



          www.syngress.com