Checking visitors entering your facility
A major carrier has missplaced several of its service vehicles. There is some concern they may have been stolen. So you may want to double-check vendor ID's of service personnel accessing your facilities.
Can you identify the company? David On Thu, 20 Sep 2001, Sean Donelan wrote: :Date: Thu, 20 Sep 2001 17:16:24 -0400 (EDT) :From: Sean Donelan <sean@donelan.com> :To: nanog@merit.edu :Subject: Checking visitors entering your facility : : :A major carrier has missplaced several of its service :vehicles. There is some concern they may have been :stolen. So you may want to double-check vendor ID's :of service personnel accessing your facilities. : :
And how hard would it be to paint a truck that looks like a carrier truck and make fakeIDs. On Thu, 20 Sep 2001, David Coder wrote:
Can you identify the company?
David
On Thu, 20 Sep 2001, Sean Donelan wrote:
:Date: Thu, 20 Sep 2001 17:16:24 -0400 (EDT) :From: Sean Donelan <sean@donelan.com> :To: nanog@merit.edu :Subject: Checking visitors entering your facility : : :A major carrier has missplaced several of its service :vehicles. There is some concern they may have been :stolen. So you may want to double-check vendor ID's :of service personnel accessing your facilities. : :
Christian --------- i am me, i dont write/speak for them
I can't say that when I arranged telco services, that I was ever in a position to note the vehicle that the tech(s) came in. I don't know that I'd be too concerned about the vehicles missing but Sean does raise a good point. During this "hot" period of terrorist activity, are you watching all the strangers that come into your organization? I know I've had people walk into one of my remote offices saying that it was time for the printers to get their periodic cleaning--and the staff just let them. They had complete unescorted access to the facilities. It's just not something that's commonly thought of on a day to day basis, but should be now. -- Leigh Anne
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of Christian Nielsen Sent: Thursday, September 20, 2001 4:05 PM To: David Coder Cc: nanog@merit.edu Subject: Re: Checking visitors entering your facility
And how hard would it be to paint a truck that looks like a carrier truck and make fakeIDs.
On Thu, 20 Sep 2001, David Coder wrote:
Can you identify the company?
David
On Thu, 20 Sep 2001, Sean Donelan wrote:
:Date: Thu, 20 Sep 2001 17:16:24 -0400 (EDT) :From: Sean Donelan <sean@donelan.com> :To: nanog@merit.edu :Subject: Checking visitors entering your facility : : :A major carrier has missplaced several of its service :vehicles. There is some concern they may have been :stolen. So you may want to double-check vendor ID's :of service personnel accessing your facilities. : :
Christian ---------
i am me, i dont write/speak for them
On Thu, 20 Sep 2001 16:43:43 -0600 Leigh Anne Chisholm <lachisho@tnc.com> wrote:
I can't say that when I arranged telco services, that I was ever in a position to note the vehicle that the tech(s) came in. I don't know that I'd be too concerned about the vehicles missing but Sean does raise a good point. During this "hot" period of terrorist activity, are you watching all the strangers that come into your organization? I know I've had people walk into one of my remote offices saying that it was time for the printers to get their periodic cleaning--and the staff just let them. They had complete unescorted access to the facilities. It's just not something that's commonly thought of on a day to day basis, but should be now.
which is still insufficiently paranoid. a substantial amount of industrial espionage is done by agents who get themselves hired by janitorial services and the like, where there is often no vetting of any sort. there's no reason why others with differing criminal interests can't use the same methods. seriously, do you have any idea who is emptying your trash basket? do you really think that the bean counters took that sort of thing into consideration when they selected the firm who does that work? given the stories we hear about routers and switches and servers being unplugged so that the vacuum or the buffer can be run, it's clear that nobody is escorting the cleaning staff around the facility. perhaps this should change. richard
On Thu, Sep 20, 2001 at 07:54:07PM -0400, Richard Welty wrote:
seriously, do you have any idea who is emptying your trash basket? do you really think that the bean counters took that sort of thing into consideration when they selected the firm who does that work?
This reminds me of a pet peeve. Many business use services where they provide boxes in your office and come around periodically and shred / recycle them. Many businesses find these more economical than maintaining large shredders on prem. These sound safe. They shred it in front of a company rep, so you can see your papers turn into bits. That said, there are a number of expected, and unexpected attacks: 1) Someone can take the whole box (say overnight), or pick the lock on a box. 2) A string with something sticky (say gum) can retrieve papers from a locked box. 3) I have personally witnessed one incident where while empting the unit into the shredder on the loading dock (in front of a company rep) a good number of papers were blown away in a strong wind. 4) I have yet to see an office where when the company collects, a company rep follows them receptical to receptical. They generally dump them into a big hopper, and could take papers along the way. So, if you're going to use them, at least have a company rep follow the person from box to box to make sure there is no tampering. Dump them often, so there are few papers in there, and little opportunity for the night staff to take the box or fish some papers out of it. I guess it's better than nothing, but companies really should buy shred-it-right-now type shredders. -- Leo Bicknell - bicknell@ufp.org Systems Engineer - Internetworking Engineer - CCIE 3440 Read TMBG List - tmbg-list-request@tmbg.org, www.tmbg.org
On Thu, 20 Sep 2001, Richard Welty wrote:
given the stories we hear about routers and switches and servers being unplugged so that the vacuum or the buffer can be run, it's clear that nobody is escorting the cleaning staff around the facility. perhaps this should change.
wow. you mean people actually let cleaning staff into their nocs? i'd rather have a little clutter than let janitorial services into our noc. it's actually the responsibility of the technical staff to vacuum the carpetted edges of the room and empty the wastepaper baskets when it needs to be done. wouldn't you rather move trashcans out of the NOC once a week than worry about who is going in there after hours and unplugging stuff? but then again, two of the "bean counters" (myself and the owner) are part of the technical team, so we think of things like that. one of the benefits of working for a tiny ISP i guess. as for that reminder from sean about checking IDs, thanks for that. we are about to have some installs done by verizon and adelphia which will involve access to the noc and telco entrance. i will pass that reminder along to all of the staff. deeann m.m. mikula director of operations telerama public access internet http://www.telerama.com 1.877.688.3200
Deeann, you don't need to let cleaning staff into your NOC for a threat to exist. Access to a filing cabinet, storage closet for cleaning supplies, or even the underside of a desk is all a terrorist needs to leave something undesirable enough that you'll be enacting your disaster recovery plan from a remote location. As for off-site shredders - our Provincial government used a contracted company to shred high school achievement examinations. An employee of the shredding company "liberated" a couple of exams and sold them to students. If something is important enough that it should be shredded, do it onsite--do it right. -- Leigh Anne
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of deeann mikula Sent: Thursday, September 20, 2001 6:29 PM To: Richard Welty Cc: nanog@merit.edu Subject: Re: Re[2]: Checking visitors entering your facility
On Thu, 20 Sep 2001, Richard Welty wrote:
given the stories we hear about routers and switches and servers being unplugged so that the vacuum or the buffer can be run, it's clear that nobody is escorting the cleaning staff around the facility. perhaps this should change.
wow. you mean people actually let cleaning staff into their nocs? i'd rather have a little clutter than let janitorial services into our noc. it's actually the responsibility of the technical staff to vacuum the carpetted edges of the room and empty the wastepaper baskets when it needs to be done. wouldn't you rather move trashcans out of the NOC once a week than worry about who is going in there after hours and unplugging stuff?
but then again, two of the "bean counters" (myself and the owner) are part of the technical team, so we think of things like that. one of the benefits of working for a tiny ISP i guess.
as for that reminder from sean about checking IDs, thanks for that. we are about to have some installs done by verizon and adelphia which will involve access to the noc and telco entrance. i will pass that reminder along to all of the staff.
deeann m.m. mikula
director of operations telerama public access internet http://www.telerama.com 1.877.688.3200
As for off-site shredders - our Provincial government used a contracted company to shred high school achievement examinations. An employee of the shredding company "liberated" a couple of exams and sold them to students. If something is important enough that it should be shredded, do it onsite--do it right.
If you want to be secure, you shred locally, preferably with a crosscut shredder, then burn locally, or have a pulping service come out. They turn the shreds into basically paper mache. As to external services, minimize, scrutinize, and change routines unexpectedly. -- Dave's Engineering Page: http://www.dvanhorn.org Got a need to read Bar codes? http://www.barcodechip.com Bi-directional read of UPC-A, UPC-E, EAN-8, EAN-13, JAN, and Bookland, with two or five digit supplemental codes, in an 8 pin chip, with NO external parts.
Not to mention another problem.... Q: What's the difference between a vacuum cleaner and a 200,000 volt Van de Graaff static generator? A: Not much MAB **************************** On Thu, 20 Sep 2001, Richard Welty wrote:
given the stories we hear about routers and switches and servers being unplugged so that the vacuum or the buffer can be run, it's clear that nobody is escorting the cleaning staff around the facility. perhaps this should change.
wow. you mean people actually let cleaning staff into their nocs? i'd rather have a little clutter than let janitorial services into our noc. it's actually the responsibility of the technical staff to vacuum the carpetted edges of the room and empty the wastepaper baskets when it needs to be done. wouldn't you rather move trashcans out of the NOC once a week than worry about who is going in there after hours and unplugging stuff? but then again, two of the "bean counters" (myself and the owner) are part of the technical team, so we think of things like that. one of the benefits of working for a tiny ISP i guess. as for that reminder from sean about checking IDs, thanks for that. we are about to have some installs done by verizon and adelphia which will involve access to the noc and telco entrance. i will pass that reminder along to all of the staff. deeann m.m. mikula director of operations telerama public access internet http://www.telerama.com 1.877.688.3200
Actually Mark, the difference is that most highschool kids know what a Van de Graaff generator is. ;) -Jim P. --- Mark Barker <barkerm@foliofn.com> wrote:
Not to mention another problem....
Q: What's the difference between a vacuum cleaner and a 200,000 volt Van de Graaff static generator? A: Not much
MAB
****************************
__________________________________________________ Terrorist Attacks on U.S. - How can you help? Donate cash, emergency relief information http://dailynews.yahoo.com/fc/US/Emergency_Information/
I always thought Tesla coils were way cooler myself. ;) Grant Jim Popovitch wrote:
Actually Mark, the difference is that most highschool kids know what a Van de Graaff generator is. ;)
-Jim P.
--- Mark Barker <barkerm@foliofn.com> wrote:
Not to mention another problem....
Q: What's the difference between a vacuum cleaner and a 200,000 volt Van de Graaff static generator? A: Not much
MAB
****************************
__________________________________________________ Terrorist Attacks on U.S. - How can you help? Donate cash, emergency relief information http://dailynews.yahoo.com/fc/US/Emergency_Information/
Lost vehicles?? People lose keys, badges and small stuff all the time. I can't fathom this as a more than once in agreat while exception.. Brian "Sonic" Whalen Success = Preparation + Opportunity On Thu, 20 Sep 2001, Sean Donelan wrote:
A major carrier has missplaced several of its service vehicles. There is some concern they may have been stolen. So you may want to double-check vendor ID's of service personnel accessing your facilities.
There have been several similar scares in the last week, including ambulances, fire trucks and crop dusters. The reason I'm not publishing the name of the carrier is I haven't been able to reach anyone at the carrier to confirm it. Here is a news story about some of the earlier warnings http://dailynews.yahoo.com/h/ap/20010919/us/attacks_alarm_1.html
participants (12)
-
barkerm@foliofn.com
-
Brian Whalen
-
Christian Nielsen
-
David Coder
-
David VanHorn
-
deeann mikula
-
Grant A. Kirkwood
-
Jim Popovitch
-
Leigh Anne Chisholm
-
Leo Bicknell
-
Richard Welty
-
Sean Donelan