What type of system allows a user to authenticate once to access multiple services?

An excellent way of properly informing users of monitoring activities is through the opening screen that is presented to them. By reading a warning like the one that follows, users explicitly accept both the conditions of monitoring and punishment when they proceed to the next screen. Thus, the first screen any user sees when logging into a secure computer system should be something to the following effect:

• Limit user access to only those files they need to do their jobs: Providing access that is not needed greatly contributes to risk without a corresponding increase in benefit. Why bother?

• Avoid shared accounts: Individual activity cannot be differentiated unless there are individual accounts.

• Secure the user account name list: Because of its importance to system security, the user account list should be considered to be confidential and should never be made public. Give b consideration to storing it as an encrypted file.

• Monitor account activities: Keep a record of all system use (many systems perform this function through an audit trail feature).

• Terminate dormant accounts after a pre-set period of inactivity (e.g., 30 days): Legitimate users can always reapply and reestablish their accounts.

• Select an authentication system: The right choice for an authentication system depends on the needs of the organization and its system, and should be based on the findings of a risk assessment (see Chapter 2). Note that the following options progress from least secure to most secure, as well as (not surprisingly), least expensive to most expensive:
  1. Something the user knows (e.g., a password--see below)

  2. Something the user has (e.g., an electronic key card)

  3. Something the user is (e.g., biometrics--finger printing, voice recognition, and hand geometry)

• Limit users to acceptable log-in times: There is no reason for an average day-shift employee to be able to access the system in the middle of the night.

• Limit users to acceptable log-in locations: There is no reason for an average employee with a terminal on his or her desk to access the system from his or her supervisor's desk.

• Set reasonable limits to the number of allowable log-in attempts: Enable the system to assume that anyone who can't enter a password correctly after three attempts may, in fact, not be who they say they are. Allow users more than one or two attempts or else they might make mistakes simply because they are worried about getting shut out. After three incorrect attempts, the account should be suspended (to prevent an intruder from simply calling back and trying three more times). Legitimate users can always have their accounts reopened by contacting the security manager.

• Require staff to log off the system and turn off the computer: The last important step of logging on properly is logging off properly. Users should be required to log off every time they leave their workstations (e.g., for lunch, breaks, and meetings). After all, an unauthorized user has free reign to an authorized user's access when a computer is left unattended and logged into the system.

• Protect every access node in the system: An "access node" is a point on a network through which you can access the system. If even one such point is left unsecured, then the entire system is at risk. A good example of frequently forgotten access nodes are modular network plugs that are often built into conference rooms (into which portable computers can be plugged). If unauthorized users can get to such a node with a laptop, they are in position to attack the system.

• Protect cables and wires as if they were access nodes: If a sophisticated intruder can access a span of cable that is used as a connector between pieces of equipment, he or she may be able to access the entire system. Physically accessing the wiring is referred to as "tapping the line." High-end equipment can monitor electrical emanations (known as Radio Frequency Interference) from wiring without even physically touching the cable.

• Disconnect floppy drives from servers: A sophisticated intruder can boot-up (the technical term for "starting the system") from an external disk drive.

• Install screen savers (with mandatory locking features): Prevent information from being read by anyone who happens to be walking past the display monitor.
   

• Consider requiring pre-approval for remote access privileges: An identified subset of employees to monitor is more manageable than every random person who calls into the system.

• Remind staff that remote access is particularly subject to monitoring activities: Increased risk requires increased vigilance.

• Set modems to answer only after several rings: An authorized user will know that he has dialed a "slow" modem and will therefore be willing to wait. A random-dialer looking to bump into modems may be less likely to be so patient.

• Use a "call back" communication strategy with remote access users: Once users call in and properly identify themselves, the connection is dropped and the system then calls back the authorized users at a pre-approved access location.

• Use software that requires "message authentication" in addition to "user authentication": Even if a user can provide the right password, each message sent and received must have its delivery verified to ensure that an unauthorized user didn't interrupt the transmission.

• Never transmit sensitive information over public telephone lines unless the transmission has first been encrypted: Unless a line can be verified as secure, it must be considered to be susceptible to tampering.

• Investigate security features of external networks to which the system connects: The Internet and other networks are not just things your staff can access and browse--they are two-way lines of communication. If security cannot be verified, then additional precautions must be taken (e.g., gateways and firewalls).

• Install firewalls on your system at external access points: A firewall is by far the most common way to secure the connection between your network and outside networks. It works by allowing only trusted (authenticated) messages to pass into your internal network from the outside (see also Chapter 9).
   

• Never list dial-in communication numbers publicly: Why advertise what authorized users should already know?

• Disable modems when not in use: No need to provide a viable line of access to and from the system unless it's necessary.

• Never leave a modem on automatic answer mode: Such a practice opens the door to unauthorized and unsupervised system access.

• Permit modem use only from secure locations: Never allow a modem to be connected to a system machine that is not itself protected by a firewall or gateway.

• Grant Internet access only to those employees who need it to perform their jobs: A student might need the Internet for legitimate learning purposes, but a staff assistant probably does not.

• Remind students and staff that the Internet (and all system activity for that matter) is for approved use only: There are countless Internet sites and activities that have no positive influence on the education environment. They have no place on the system.

• Require all users to sign Appropriate Use Agreements before receiving access to the system: Signed Security Agreements (see Chapter 3) verify that users have been informed of their responsibilities and understand that they will be held accountable for their actions.