I work in an idyllic setting. My office is deep in the heart of New York's Adirondack Mountains. The building I'm in (built in 1894) was at one time a world-renowned medical research laboratory dedicated to the study of and cure for the white plague, tuberculosis. Being a student of history, this appeals to me, and loving the mountains as I do, even better. But what does this have to do with security?
Last week, I got a call from my landlord in the early morning. Mary is the local director of the historical society, and the historical society owns and is in the process of restoring the building in which I rent office space. Mary told me that the front door of the building was left open all night the previous night and asked if I knew how that might have happened. Since I don't use the front door, I told her that it must have been some of the workers that are renovating other parts of the building. I hung up the phone, and that was that. I operate on the theory that if you open the door, you should close it; if you unlock it, you should take responsibility and lock it back up when you're done. But I think the real world must operate on another understanding.
This incident got me thinking about the job of a security officer and what that entails. It isn't our responsibility to check the front door every night, but does that mean we should never check the door? The more I thought about this, the more I came to the conclusion that a good security officer will periodically take an inventory of how things are on the system or systems they are responsible for just to see if someone has opened a door that should really be closed at all times.
What should this security inventory process look like? Here's my short list of things that I'd look at periodically. The frequency is up to you and is somewhat dependent on the size of your shop, the number of users that you have and the risk associated with the applications running on your box.
- Check your user profiles against your latest company telephone list looking for people who have left but still have active profiles on your system. If there is a question, disable the profile until your suspicions have been satisfied.
- Check your user profiles for those that have not been used since your last review and consider disabling them.
- Make sure that there are no profiles with permanent passwords assigned.
- Check a list of all of the user libraries on your system and see if there are any new ones. If there are, make sure you know what they are being used for and how they are secured.
- Run the command WRKSYSVAL SYSVAL(*SEC) and review all of the security system values to make sure they are still set up the way you intended.
- Review the hardware configuration for your system and see what new devices have been created. Make sure you understand what they are used for and any security implications that may exist.
- Check the security on your system request attention program to make sure that it is not open to abuse.
- Review your network security arrangements. Do your users have open access via FTP, ODBC, Client Access/400? Check the controls in place that limit user network access.
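The first three checks in the list can be scripted once the profile list has been exported. The following Python sketch is an added example, not part of the original tip. The CSV column names, the assumption that each profile's text description holds the owner's name, and all sample rows are constructed for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample data. The column names are assumptions about how the
# profile list and telephone list were exported, not a fixed IBM format.
PROFILES_CSV = """profile,status,last_used,pwd_exp_interval,text
JSMITH,*ENABLED,2024-05-28,90,John Smith
MJONES,*ENABLED,2023-11-02,*SYSVAL,Mary Jones
BACKUPOP,*ENABLED,2024-06-01,*NOMAX,Nightly backup operator
TLEE,*ENABLED,,60,Tom Lee
RDAVIS,*DISABLED,2022-01-15,90,Rita Davis
"""
PHONE_LIST_CSV = """name,extension
John Smith,101
Tom Lee,117
"""

def norm(name):
    """Normalize a person's name for comparison."""
    return " ".join(name.upper().split())

def review_profiles(profiles_csv, phone_csv, last_review, sysval_interval="90"):
    """Return {profile: [findings]} for enabled profiles that need a closer look."""
    staff = {norm(r["name"]) for r in csv.DictReader(io.StringIO(phone_csv))}
    findings = {}
    for row in csv.DictReader(io.StringIO(profiles_csv)):
        if row["status"] != "*ENABLED":
            continue  # already disabled, nothing left to close
        notes = []
        if norm(row["text"]) not in staff:
            notes.append("not on telephone list")
        # An empty last_used means the profile has never been used.
        if not row["last_used"] or date.fromisoformat(row["last_used"]) < last_review:
            notes.append("unused since last review")
        # *SYSVAL defers to the system-wide interval, which may itself be *NOMAX.
        interval = row["pwd_exp_interval"]
        if interval == "*SYSVAL":
            interval = sysval_interval
        if interval == "*NOMAX":
            notes.append("password never expires")
        if notes:
            findings[row["profile"]] = notes
    return findings

if __name__ == "__main__":
    for profile, notes in review_profiles(PROFILES_CSV, PHONE_LIST_CSV, date(2024, 5, 1)).items():
        print(f"{profile}: {', '.join(notes)}")
```

Service profiles such as the constructed BACKUPOP will always show up as missing from the telephone list, so keep a short reviewed exception list rather than ignoring the finding.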
Obviously, a list like this can go on, but these are the things that I came up with for a periodic review. If you have additional thoughts on more items to include, by all means let me know and I'll include them in a future tip. My e-mail address is firstname.lastname@example.org.
About the author: Rich Loeber is president of Kisco Information Systems Inc. in Saranac Lake, N.Y. The company is a provider of various security products for the AS/400 market.