
Scott Wright's editorials on a variety of security issues for non-technical business managers and home computer users. Please feel free to comment and help spread the word that managers need to think about their information security risks.


  Scott Wright's Security Views

Visitor access logs can be used for unintended purposes by anyone

Thursday, November 20th 2008 @ 3:00 PM

Originally posted - April 24, 2007

I’ve noticed on several occasions, when entering office buildings that have a visitor’s log, that it can make for some interesting reading as you sign your name. Visitor access logs are one of the fundamental audit controls in IT and physical security: who was there, when, and representing whom? But when competitors of one another visit a mutual client, the log can provide competitive advantages one way or another, or it can be used to gain information about what brand of firewalls or antivirus safeguards an organization uses.

I’m sometimes surprised at the fact that some highly secure organizations have never taken the initiative to allow visitors to sign in on a medium that doesn’t reveal who came in a few minutes or hours earlier. Maybe I’m just paranoid, but it is something to keep in mind. At least keep it to one sheet instead of a binder of the entire month’s visitors. That could be a significant risk for leakage of information useful in planning an attack.

On the lighter side, I have seen the ploy used intentionally to add a sense of urgency to competitive vendors in their final negotiation stages with a customer. They arrive at the customer site to see in the visitor logs that their chief rival was in a few hours earlier with their big guns to make a last minute concession or proposal. Were they really there, or was it just a tactic to make the vendor sweat?

So, just remember that access history can often be viewed by all visitors, unless you manage the logs frequently.


Scott Wright

The Streetwise Security Coach


Copyright 2012. Security Perspectives Inc. All Rights Reserved.