>>VIEW ALL POSTS  

Sister CISA CISSP

« MasterCard Ups the Compliance Quality of PCI DSS
Hard Disks Never Die – They go to Digital Forensics »
Jul 13 2009   5:27PM GMT

Adventures in Auditing #1

Arian Eigen Heald Arian Eigen Heald Profile: Arian Eigen Heald

I’m still amazed that folks are going about their business believing that bad things won’t happen. Is it human nature? I thought I’d share with you some of my latest adventures in traveling about and auditing various companies. Just when I think it’s strange, it get stranger.

I was doing an audit and I routinely check for wireless connections. The manager had assured me that their policy was: no wireless. OK, but I check anyway. It’s the nature of my work: controls should be in place and they should be working. Essentially a very simple rule.

Behold, a Linksys wireless router popped up with an obvious default configuration. I followed my trusty wireless signal scanner downstairs through several departments until I came upon it sitting out in the open near a group of desks.

I headed back upstairs and asked the manager about it. His face flushed, and he said, “Where is it?” He followed me downstairs, I pointed out the router, and he reached over and yanked the network cable right out of the wall, looked around, and said, “Who plugged this in?” When no one responded, he took the casing off and stomped on it. A silence ensued.

He was peeved. Glad it wasn’t my router. Not because of the router, mind you, but the person who owned it was obviously going to have a discussion with this manager before long.

Back upstairs, his dignity somewhat restored, the manager asked about my wireless signal scanner, and I promptly demonstrated its virtues (electronics can be soothing). Canary makes a great one that scans for b/g and n networks, giving me the type of encryption AND the SSID so that I don’t have to even open my laptop. It has a visual meter so I can home in on the source of the signal and actually find the access point without my laptop (which is rather obvious).

I was ready to give it to him in hopes of escaping any further compliance corrections, but he seemed calmer at that point and thought getting one of his own was a smashingly good idea. (Sorry, I couldn’t resist).

Comment     RSS Feed     Email a friend

1  Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.
  • JennyMack
    Yipes, thanks for the entertaining story! Gotta love wireless router treasure hunts...
    4,280 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: