Instructions: Add additional insight or opinions, or challenge opinions. You can also visit a couple of the websites contributed and share your opinion of these sites. Minimum of 150 words for each.
RESPOND IN 150 WORDS
1) I really enjoyed reading this article and watching the video. I've had to watch this video for another course and it still brings to mind the phrase "you are not as good as you think you are" - or, in this case, as secure as you think you are.
Jason's already had a high-tech security system in place, including badge readers, pressure-sensitive floors, motion detectors, and a sophisticated safe that protected itself from brute force attacks, yet they were still vulnerable to intrusion. The biggest takeaway, for me, was that people are the biggest threat to security.
In this case, I am not talking about Nick and the members of the Tiger Team; the threat came from the employees of Jason's of Beverly Hills. However, the building's employed security guard's failure made the building a permissive area. Once upstairs, the receptionist inserted the thumb drive into her computer, which enabled them to pull files from her computer (one of which was the code to the alarm panel).
The team was able to clone the owner's badge because it was not secured in a sleeve that protects from RFID, and used the cloned badge to be granted access into office spaces. The owner also gave up personal information during the phony interview that enabled the team to access his safe.
Regardless of how high-tech your security hardware is, the employees must be able to safeguard data as well. In order to accomplish this, there must be training in place, as well as enforced policies and procedures.
RESPOND IN 150 WORDS
2) After reading this story I wasn't at all surprised. I thought it was incredibly interesting to read and it was quite the eye-opening type of story. It also made me do a little research into who Chris Nickerson actually is because I had never heard about him until after seeing his name on this week's forum posting.
I was able to discover that he used to be one of the top security vulnerability analysts in the country. I don't know if he actually still is this within the United States, but I did notice that some of the videos were pretty old. However, I was able to see on YouTube that he had quite a network of jobs that he and his team were paid to tackle. He has been running that security consultant firm for a while, in which they test the security settings of distinguished businesses and corporations.
During this story in question, I immediately noticed how the secretary allowed Chris to access the building's inner structure and access the cafeteria so easily. He requested to meet with the employee Nancy; however, when he arrived he already knew she was out of the office and requested to wait for her to return.
The secretary, instead of allowing him access to the cafeteria, should have advised Chris that he would have to reschedule his visit with the employee. The company could have had a messaging log book at the front desk in which they could record messages for employees that were not available and ask guests to either wait in the waiting area/lobby or return at a later time.
Also, the company should have an ID Card policy like we have at the Dept. of Veterans Affairs that every employee is required to have their Corporate ID card hanging on a lanyard around their neck in plain sight of all employees.
Additionally, the employees definitely needed refresher training done for "Shoulder surfing", which is similar to what took place in the smoking area, in which the employees allowed the member of Chris's team to walk behind them right into the company and go meet Chris in the cafeteria area and escort him back to the cubicle computer network area.
I don't know if the company has a security policy installed on their systems, but they should have one regarding plugging USBs into the computers, which is how the team members accessed the system and installed their created programs on the machines.