Controlling the Administrator s Activities | Protect Your Information with Intrusion Detection (Power)

Controlling the Administrator's Activities

IT specialists are often underpaid, and this is a sad and well-known fact. Furthermore, in some organizations, the management adopts a restrictive and unfair policy, attempting to limit the administrator's possibilities of improving their knowledge and skills as much as possible. As a result, these employees become increasingly annoyed and offended. The same might happen if there is a lack of career prospects or insufficient respect. As a result, such disgruntled administrators can cause intentional damage by reconfiguring network equipment or critical servers and other devices in order to take their revenge or blackmail the boss.

Network-and host-level intrusion detection systems can be used to control unauthorized configuration changes of the protected hosts performed by users that have been granted administrative privileges. In this case, such systems can act as an additional control tool. A disgruntled administrator can clear a couple of log files, but the record of his unauthorized activities will remain in another one.

Attack on a Nuclear Power Plant

On January 11, 2001, ZDNet News agency reported an incident concerning a nuclear-power plant in Bradwell, Great Britain. The plant's security specialist attempted to sabotage it by hacking the plant's computer network. However, his attempt to delete some secret information activated the main system for alerting of emergencies. According to data from the Guardian, the intruder was detected by the security service of the nuclear-power plant. He is currently being prosecuted. Representatives of BNFL, the owner of the nuclear-power plant, declared that the incident did not present any risk to the environment, personnel, or citizens living in the surrounding area. The power plant continued to operate in normal mode. However, the management ordered that both overall and computer security be tightened.