There was a brief flutter of noise around the fact that Fannie Mae discovered a logic bomb on its systems, placed there by a fired systems administrator. Logic bombs can be frightening things. Often placed by the disgruntled employees who know the systems the best, they can do significant damage. There are two main things people always recommend to defend against logic bombs, and one that they forget. The two people always point out are:

1. When firing anyone (especially a sysadmin) do not let them return to their work area until all of their access has been terminated. (Fannie Mae appeared to fail at this one).
2. Review logs and systems periodically to make sure nothing is amiss. (Fannie Mae apparently did this as another employee found the logic bomb before it did any damage).

The other factor that people often overlook is the simplest, and one you probably do already:

1. Back up your files!

If your data is backed up, it doesn’t matter if they get wiped out by a logic bomb, virus, natural disaster, hardware failure, or human error – the cost of recovery can be minimized. If the culprit wipes the OS in addition to the files, then restoration may take time as you’ll have to rebuild the OS also, but I think everyone agrees that rebuilding the OS is a far better solution than not having backups at all.

Tags: backups, employees, fannie mae, insider threats, logic bomb

This entry was posted on Wednesday, February 4th, 2009 at 2:21 pm and is filed under Information Security and Risk Management. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.