Why negative confirmation is a BAD idea.
You send a note to the email address on the employee directory and it doesn't bounce. It sits in the mailbox until finally, after four weeks, the process catches up with the now retired or laid off employee and deletes their ID and their access and removes them from the overall corporate system. Security checks based on the negative confirmation White Paper show that this is a fantastic idea, since you can remove people from the lists as soon as they are officially gone. But how long does it take?
I submit to all of the whitepaper and corporate security folks that negative confirmation is a BAD idea. What negative confirmation does is allow a userid to linger in a system for a long time (in some cases several weeks) in which the former employee still has access to the network and resources. The fact of the matter is that if we are placing security on a bounced email message, then we are not securing resources. Here's a scenario that plays out all too often:
John Applegate is a contractor that ABC, Inc. has hired to do some consulting work while their consultant is out with a high maintenance customer. While John is at ABC, Inc. he comes up with an application that streamlines the sales & manufacturing areas and allows ABC, Inc. to better determine how much of their products they can manufacture in a time period, giving them the ability to better size projects and costs. Once everything is settled, John's services are no longer needed and he is laid off. The papers were processed on his leave, and his paperwork was working through the corporation in the removal from the system. Four weeks later, it was found out that someone had backed up his work and removed it from the server it was on, and that someone was logging in with his account information through the connectivity package and later downloading other corporation property.
Since the company does not perform computer forensics, they could not point directly to John as the person who did this deed. However, an internal audit focused on the processes that caused the problem. They found that because the system did not take care of removing the appropriate accesses fast enough, the breach was due to negative confirmation not being done in a more timely and effective manner. They decided that negative confirmation still has value, but the process has to be adjusted to close the time gap.
This is what I have been advocating since long before September 11, 2001. When a person who is a contractor or other is brought online to perform work, and they are let go, the effective date of the release of the employee is relayed to HR so that they can put it in the system, and when the person is walked to the door, it is then on that day that all of the IDs and accesses are removed. Say you know two weeks from today that George will be leaving the company. It takes HR a week and a half to process and remove the IDs. You would submit the paperwork on Tuesday, and then on that last Friday, he would not have access.
Additionally, internal processes need to be upgraded so that the company is not waiting on any one particular group to finish processing. In an e-commerce world (e-business if you want to call it that), once an effective date is placed into the system, the HR application should be able to override the system and remove those on the day they are due to walk out & within the specific time.
This lack of due diligence on the part of managers and security aficionados concerns me, especially when we are banging employees on the head for security problems with their workstation, and avoiding a potential security breach by using negative confirmation when an employee leaves the company, or potential problems when an employee has the "Out on Vacation" auto response turned on.
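The process argued for in the post (HR records an effective release date, and the account is disabled on that date without waiting on any other group) can be expressed as a simple reconciliation between the HR feed and the account directory. The example below is added here and is not code from the original post or from any product; the record types, user ids, dates and the `sample_directory()` data are all constructed for illustration. It reports which accounts are overdue for disabling, disables them, and measures how many days each released user kept access, which is the "lingering" window that a bounced-email (negative confirmation) process leaves open.

```python
"""Effective-date driven deprovisioning check (added example, constructed data)."""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional


@dataclass
class HRRecord:
    user_id: str
    release_date: date          # effective last day, as entered by HR


@dataclass
class DirectoryAccount:
    user_id: str
    enabled: bool
    disabled_on: Optional[date]  # None while the account is still active


# Constructed HR feed: two people already past their release date, one
# releasing today, one releasing in the future.
SAMPLE_HR: List[HRRecord] = [
    HRRecord("jdoe", date(2024, 2, 16)),
    HRRecord("bwong", date(2024, 3, 1)),
    HRRecord("gsmith", date(2024, 3, 15)),
    HRRecord("afox", date(2024, 3, 29)),
]
TODAY = date(2024, 3, 15)  # constructed "run date" for the check


def sample_directory() -> Dict[str, DirectoryAccount]:
    """Constructed directory state. jdoe was only caught by the slow
    negative-confirmation process today; bwong was never disabled."""
    return {
        "jdoe": DirectoryAccount("jdoe", False, date(2024, 3, 15)),
        "bwong": DirectoryAccount("bwong", True, None),
        "gsmith": DirectoryAccount("gsmith", True, None),
        "afox": DirectoryAccount("afox", True, None),
    }


def accounts_to_disable(hr: List[HRRecord],
                        directory: Dict[str, DirectoryAccount],
                        today: date) -> List[str]:
    """User ids whose release date has arrived but whose account is still enabled."""
    due = []
    for rec in hr:
        acct = directory.get(rec.user_id)
        if acct is not None and acct.enabled and rec.release_date <= today:
            due.append(rec.user_id)
    return sorted(due)


def apply_deprovisioning(hr: List[HRRecord],
                         directory: Dict[str, DirectoryAccount],
                         today: date) -> List[str]:
    """Disable every overdue account in place; returns the ids disabled.
    The HR effective date alone drives this, no bounce or sign-off is awaited."""
    disabled = accounts_to_disable(hr, directory, today)
    for uid in disabled:
        directory[uid].enabled = False
        directory[uid].disabled_on = today
    return disabled


def exposure_days(hr: List[HRRecord],
                  directory: Dict[str, DirectoryAccount],
                  today: date) -> Dict[str, int]:
    """Days each released user kept access past their release date
    (0 when disabled on time; still-enabled accounts count up to today)."""
    out = {}
    for rec in hr:
        acct = directory.get(rec.user_id)
        if acct is None or rec.release_date > today:
            continue
        end = acct.disabled_on if acct.disabled_on is not None else today
        out[rec.user_id] = max(0, (end - rec.release_date).days)
    return out


if __name__ == "__main__":
    directory = sample_directory()
    print("exposure before run:", exposure_days(SAMPLE_HR, directory, TODAY))
    print("disabled today:", apply_deprovisioning(SAMPLE_HR, directory, TODAY))
    print("still overdue:", accounts_to_disable(SAMPLE_HR, directory, TODAY))
```

Run daily against the real HR feed and directory, the `exposure_days` figure is the number a process audit like the one in the post would want to trend toward zero; any non-zero value for a still-enabled account is a release that some other group's processing is holding up.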