T 5.16 Threat posed by internal staff during maintenance or administration work

Internal staff might during maintenance or administration work try to modify privileges (e.g. international dialling authorisation) or to activate user facilities, either to their own advantage, or as a favour for colleagues. As a result, system crashes could be caused through ignorance or other security loopholes could be opened up through configuration errors. Also, improper handling of hardware components could result in their destruction. In addition, maintenance staff may have full or restricted access to the stored data (read and write) and could pass this on without authorisation or tamper with it.

Manual control or temporary disabling of control technology or alarm systems could pose a serious threat as well. This also affects alarm and control systems.

Examples

• A person employed temporarily to block accounts that were no longer used exploited his extensive permissions to download copyright-protected software from the central applications server for his own private purposes. In order to at the same time be able to distribute the program to his friends, he used the office CD-ROM writer and data media.

• To enable a colleague to carry out her private home banking transactions during office hours, as a favour she is given exclusive access to her Internet provider via ISDN as a favour. When she downloads a screen saver from the Internet at Easter, she infects her PC with a virus. As the computer is connected to the internal network, the virus rapidly spreads. The corporate network is out of action for several hours while the problem is sorted out.

• Intruder detection devices often have an integrated log printer. It is a common occurrence for the intruder detection device to be switched off in order to replace the necessary paper roll. When the machine is next turned on there is a danger that the system will not start up correctly so that it malfunctions as a result.