Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Australian data deletion highlights the need for protection of critical user IDs

CyberArk Software : 17 March, 2009  (Company News)
Cyber-Ark says the deletion of more than 10,000 Government records in Australia's Northwest Territory by the drunken ex-fiancee of an IT staffer highlights the need for protection of critical user IDs and passwords.
'Reports are coming in of the deletion of 10,475 user accounts on the North West Territories' health, court and prison service's computer systems in a drunken rage after one member of IT staff terminated a relationship with another IT employee,' said Mark Fulbrook, Cyber-Ark's UK and Ireland Director.

'The plain fact of the incident - which cost five days and around A$1.25 million to resolve - is that high level IDs such as that operated by the lady concerned should never have been accessible to ordinary members of staff. They should have been stored digitally and only accessed on an auditable basis by designated members of staff with specific authority for a given user session.'

According to Fulbrook, high level administrator IDs such as the one misused in the Northwest Territories data deletion incident, should have been protected by an authenticated protection system and the use of one-time transaction access numbering (TAN) technology.

By using an auditable data vaulting protection system, allied with one-time TANs, even if the male member of staff had been able to discover his fiancee's login details, the staffer could not have deleted the user account data without a TAN, said Fulbrook.

Fulbrook added that the incident is a classic case of insufficient multi-stage security being applied to high level administrator IDs and passwords.

The technology required to protect administrator IDs and passwords, he explained, is now available at relatively low cost, and is therefore deployable in a wide variety of IT situations.

'Data vaulting technology is no longer the expensive option that many people think it is. It's cost-effective, easily deployable and, perhaps more importantly, can be integrated with other audit and user account control systems,' Fulbrook said.
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo