:: MIS Insights ::

by Fernando C Mendizabal Jr

The Authentication of the Ring

Filed under: Security — Pipboy at 10:56 pm on Tuesday, September 12, 2006

Once upon a time, there were ten employees in a big, big, big company. These ten employees, hailing from the same department, decided to go out for a noontime feast one day. Among the ten brave souls that dared to eat outside the department premises, five of them brought their magic identification cards. The rest didn’t.

HID prox cards

Now these magic identification cards were bestowed upon them by the all-powerful Human Resources department to empower them during their quests - most of which had a minimum 2.5 year fellowship bond. Legend has it that if the magic cards were placed near the correct scanners, doors that led to untold treasures would open for them.

I love this!

10 value meals and 1 hour later, the ten employees went back to the company to resume their quests. The first five with identification cards easily got in. With a 180-degree, crescent-shaped swiping motion of their magic identification cards over the department door’s scanner, the door unlocked with a loud “bzzzt!”

HID reader

Then there was the other half that didn’t bring their magic card. They thought that, “Hey, fellow adventurers, you can let us in when you get in right?”

Well, the five cardless dolts were wrong. Their fellow prudent adventurers didn’t let them hitch a ride back inside to the department. They knew that the magic identification cards were there for a reason - to prevent, or at least minimize, unauthorized entry. One cannot even begin to imagine the horrors that would be unleashed if a cracker got inside to mess with the systems or if an intelligence spy got access to the company’s treasured information chest. Such careless behavior should not be tolerated. After all, who better to implement the company’s security program than the employees themselves?

The five boy/girl scouts wanted to teach the five rascals a lesson. However, the guard waiting at the lobby proved to be the weak link in the company’s security plan. With a persuasion spell of Pleasus Openus the Doorus Maximus, the guard promptly used his magic card to let the employees in to the department.

End of Story.

Truly, companies could do more with their security measures. This is an example of a security breach that used social engineering (the guard) to thwart two of the pillars of IT security - authentication and authorization. In my honest opinion, either companies start implementing what they have on paper or scrap the whole program altogether. With roughly US$3 per magic card and a hefty US$1,000 per scanner, the money could have been put to better use for the sake of the stockholders.

2 Comments »


Comment by wowenkho

September 13, 2006 @ 11:10 am

That example seems way too extreme: you know they’re your coworkers and you still won’t let them in because they forgot their cards. In essence, you’re still not allowing unauthorized entry, because they are employees of the company and they, supposedly, can be trusted.

It’s hard when people look only at the pure technological requirement/purpose, which is why sometimes they become pedantic and strict even when it isn’t called for.

If you think about the essence of why the cards are there, you’d comprehend that you’re trying to minimize or prevent unauthorized entry. But you’d also understand that you’d allow your actual coworkers to get in because they are coworkers. T_T… So if you left them outside because they didn’t bring their cards, then they couldn’t work either. Hahaha.


Comment by Pipboy

September 13, 2006 @ 9:13 pm

Of course, it was extreme. :D

It was meant to be a hyperbole to emphasize what happens when a Western-style corporation employs Asian culture. The rigidness of corporate governance meets the relaxed Eastern atmosphere.

Management might not be happy to hear this in their security audits. This goes the same way that some Asians aren’t actually happy wearing long sleeves and pants in such a tropical country.

Ideally, it will be a yes-or-no situation. However, in the Philippines, it’s more of a let’s compromise situation - and in such compromising events, security is always the first casualty.
