I have been reading a lot about access control lately. I am a firm believer in least access. Only give access to those people who need it and deny access to everyone else.
This story in the Register is a prime example of someone having more access than they should have...
http://www.theregister.co.uk/2008/01/24/disgruntled_employee_silent_rampage/
the gist is this ...
An administrative assistant (AA) who thought she was about to be replaced went to the office between 11PM and 3 AM Sunday and deleted a large number of files from the architects office she worked for. The firm was able to recover the files with the help of an outside company.
The story does not say how the files were deleted or whose account was used.
Assumptions I am making:
The company server was either in a common area (store room) or in a locked area that the AA had access to.
The server was logged in as administrator and not locked.
The AA's user account had access to the files
There were no time restrictions for login to the network.
Suggestions:
Server should be secured in areas that few people have access to.
Do not leave your server logged and unlocked on as an administrator, this is an invitation to having all of your files erased - oh wait.
Why does your AA have access to all of the files? Limit access to the really important files in your company. I know it is easier for everyone to have access to everything than to have to figure out who should have access to what, but that also makes it easier for your really important files to disappear.
If your office staff is not on site or not connecting on the weekends, turn off their access.
I relate this to having a safe in your house with a nice combination lock. To make best use of it you aren't going to leave the safe sitting out in the middle of your floor with door sitting wide open. You also would not give your cleaning company the combination to the safe.
Look around where you are at now, what could you do to improve the security of your company or home?
Be safe
James
(additional) a little communication could have avoided all of this - on both sides.
The Register does close the story with "(The AA's) job was never under threat, though it probably is now."
