Operational and Organizational Security: Incident Response • Chapter 11 617
Chapter 12 “Operational and Organizational Security: Policies and Disaster
Recovery.”)
Software is expensive, especially when considering the number of copies purchased
for installation in a large organization. For this reason, any installation CDs
and licenses should be kept in a secure area, such as a server room, safe, or locked
cabinet. Securing software in this way will also prevent users from making pirated
copies or illegally installing software on machines.
Notes From the Underground…
The Importance of Securing All Data
A number of years ago, when hard disks were smaller and could be
backed up to floppy disks, I was called in to do some work at a small
branch of a loan company. The company was conscious of security, and
kept its server in a locked closet that protected it from unauthorized
employees. The closet was close enough to a receptionist’s desk, so that
anyone who attempted to enter the locked closet during the day would
be seen, and the office was equipped with an alarm system to protect it
at night. The security lapse existed with the backed-up data.
The company backed up all sensitive data to floppy disks. All client
information, including data on credit accounts and loans, was backed
up to a large number of floppies. If a problem occurred, the floppies
could be used to restore the system so this branch office could resume
business quickly.
Unfortunately, the floppy disks were stored in a broken, plastic
storage box, which was kept on top of a filing cabinet. Employees, the
night janitors, and even clients, had the opportunity to steal one or all of
the disks without any difficulty. When you think of the potential damage
people could have experienced if this sensitive information fell into the
wrong hands, it makes you cringe. Fortunately, after the employees of
the company were informed of the potential problem, they moved the
box to a safe.
If you think this is an isolated problem, you’re wrong. Years later, a
different company had a similar problem. The network administrator
used company couriers to routinely transport a rotation of backup tapes
to another location, where it was to be locked in a secure cabinet. Each
week, the courier would drop off new backup tapes, and pick up the old
ones from the cabinet. If there was ever a fire or other disaster at one
location, backup tapes could then be acquired from the other location,
so that all data could be restored. Unfortunately, it was found that the
courier would forget to lock the cabinet after switching the tapes,
thereby leaving them insecure in a cabinet that any employee or visitor
Continued
www.syngress.com

