Misconfigured Access Rights and Removable Media (AQA GCSE Computer Science): Revision Notes
Cyber security threats: Misconfigured access rights and removable media
Understanding misconfigured access rights
Organisations typically organise their network users into different groups to manage security effectively. Each group receives specific access rights that control what software, hardware, and data they can access.
Think of access rights like having different levels of keys in a school - teachers might have keys to classrooms and staff areas, while students only have access to certain areas.
How user groups work
When access rights are set up properly, they create important security barriers. The separation between different user groups helps protect sensitive information and prevents unauthorised access.
Real-world Example: School Network Access
In a school network setup:
- Teachers can access grade databases, administrative folders, and student records
- Students can only access their own work folders and educational resources
- IT administrators have access to network settings and system configurations
- Office staff can access enrolment data and scheduling systems
This layered access approach ensures each user group can perform their duties while maintaining security boundaries.
The problem with misconfigured access rights
When access rights aren't configured correctly, serious security problems can occur:
- Wrong access levels: Users might gain access to files and systems they shouldn't be able to reach, such as accessing other people's emails or confidential documents
- Blocked legitimate access: Users might be prevented from accessing their own files and resources they need for work
- Insider attack opportunities: This creates perfect conditions for insider attacks
Insider Attack Definition
An insider attack happens when someone who already has some authorised access to a network tries to gain unauthorised access to other parts of the system. These attacks are particularly dangerous because the perpetrator already has legitimate credentials and knowledge of the organisation's systems.
Preventing attacks through proper access management
Well-configured access rights act as a crucial defence against cyber attacks. By limiting what each user can access, organisations can:
- Stop malware from spreading if one user's account becomes compromised
- Prevent users from accidentally clicking suspicious links or installing dangerous software
- Protect confidential information by ensuring only authorised personnel can access sensitive data
- Reduce the risk of insider attacks by limiting each user's access to only what they genuinely need
Removable media security risks
Removable media refers to portable storage devices that can be easily connected to and disconnected from computer systems. Common examples include USB memory sticks, external hard drives, CDs, and DVDs.
Understanding the threats
Removable media devices create two major security risks for computer systems:
1. Data theft risks
Data theft through removable media can happen in several ways:
- Intentional theft: An employee deliberately copies sensitive company data onto a USB stick to pass to competitors or sell to third parties
- Unintentional loss: Someone copies work files onto removable media for legitimate reasons but then loses the device or forgets to secure it properly
- Unencrypted data exposure: When data stored on removable media isn't encrypted, anyone who finds or steals the device can easily access all the information
Critical Security Gap
Unencrypted data on lost or stolen removable media represents one of the most common causes of data breaches in organisations. Even well-intentioned employees can inadvertently expose sensitive information if proper encryption protocols aren't followed.
2. Virus and malware infection
Removable media can become carriers for malicious software:
- When infected removable media is connected to a computer, malware attempts to install itself automatically
- The malware can then spread rapidly across the entire network, infecting other connected devices
- This spread continues unless proper security measures like anti-malware software are in place
- Even previously clean removable media can become infected when used on compromised systems
Auto-execution Risk
Many operating systems are configured to automatically run programmes from removable media when they're connected. This "auto-run" feature, while convenient, creates an easy pathway for malware to infect systems without any user interaction.
Organisational responses
Because of these significant security risks, many organisations implement strict policies regarding removable media:
- Complete bans: Some companies prohibit the use of any removable media devices on their computer systems
- Controlled access: Organisations might only allow approved, company-issued removable media devices
- Security scanning: All removable media must be scanned for malware before use
- Encryption requirements: Any data stored on removable media must be encrypted to protect against theft
Key Security Takeaways
- User groups and access rights help control who can access what on a network - when configured incorrectly, they create security vulnerabilities
- Insider attacks occur when someone with legitimate network access tries to gain unauthorised access to other areas
- Removable media like USB sticks pose two main threats: data theft and virus infection
- Data theft can be intentional or accidental, especially when data isn't encrypted
- Malware on removable media can spread quickly across entire networks when devices are connected
- Many organisations ban or strictly control removable media use to protect their systems