Computer Security and ISO27001

Last week while travelling by train I witnessed a severe breach of security by one of my fellow passengers.
He was obviously angry as he spoke on his mobile phone. He seemed to be speaking to one of his colleagues who was having a problem with one of their computer servers and wasn't sure what to do.
The conversation went something like this...
"You need to log in as an administrator to gain access to the xxxxxxx operating system config file."
"What do you mean you can't remember the administrator password... For God's sake, it is $%^mGGtss76."
"Now you are in the system you should run the yyyyy utility. Did that work?"
"OK, now go into the ttttttttt company server called ryytruuuuuuuuy, enter the high-level administrator password... letmeinagain8! and run the backup exec file and all should be well. ...If not, Barry, call me again."
The chap clearly ignored the rest of us and assumed that we were not listening to his conversation.
I asked him if he realised what he had done and that I had sufficient information to hack into his company server. He looked shocked; he hadn't given it a thought.
He used his mobile again.
"Barry, you will need to reset the passwords on both systems now, as I seem to have broadcast them to the entire carriage on this train."
"Yes *********** all right... I know, see you later. Don't mention any of this to Harry."
The moral here is to ensure that you don't give away sensitive information and certainly do not disclose passwords.
Tags: ISO27001, password control, social engineering
About the Author
Chris Eden FIBC, MISSA, ACQI is a director of Quality Matters Limited, an established independent management consultancy based in Essex, UK, which specialises in ISO27001 Information Security Management consultancy.
Article Published/Sorted/Amended on Scopulus 2010-11-08 12:03:58 in Computer Articles