Shoulder Surfing
Looking over a user’s shoulder as they enter a password. This is one of the easiest ways of obtaining a password to breach system security. The practice is not restricted to office computers, it is used wherever passwords, PINs, or other ID codes are used. Could the person behind you at the bank ATM be a shoulder surfer?
Super User
The term ‘Super User’, is one that denotes the highest level of user privilege and can allow unlimited access to a system’s file and set-up. Usually, Super User is the highest level of privilege for applications, as opposed to operating or network systems. Notwithstanding the possible semantics, the use of Super User should be under dual control as such a user could, if they so wished, destroy the organization’s systems maliciously or simply by accident; neither is acceptable!
Stripping
Deliberately deleting files, records, or data, from a system. This can be an authorized activity when, for example, duplicate files are identified and removed from the system to reclaim the disk storage space they occupy. More often, however, stripping is associated with the removal of records which evidence some fraudulent or other criminal activity. It is not unusual for Auditors, or Law Enforcement officers to find that the records they need for their investigations are not there. Deleted records can be recovered if the storage media is secured quickly enough, but a skilled stripper can usually remove all trace of them before such action can be taken. The only recourse then is to backup files where (hopefully) copies can be obtained.
Software Licensing
The use of unlicensed software is illegal, and whilst the majority of organizations would not condone it, the vast majority are believed to be using unlicensed software to some extent or another. In many cases, software piracy occurs totally unintentionally; perhaps where a genuinely licensed program is copied for use on multiple workstations. It is common practice for software vendors to permit customers to ‘try before they buy’. In this case, they offer the software as ‘shareware’ and propose a trial of say, 30 days. At the expiration of the 30 day period, and depending upon the ingenuity of the developer, the software can refuse to load without the input of a valid license key; or it can continue to run as normal or can require the continue depression of a button to signify your understanding of the terms of the license. Unlicensed software is major threat to an organization’s Information Security because, not only does this jeopardize the legal position, it also threatens the data held on such systems as no support will be provided. The End User License Agreement is normally seen during the install process of the software.
From : 17799-news.the-hamster.com
No comments:
Post a Comment