

If the end-user identification code provided during the log-in process is not found in the security database, there are two options. The security application or function can either let the end user log in despite the invalid end-user identification code or reject the log-in attempt. Permitting the log-in to take place is not generally recommended unless that access can be controlled in some other fashion.

Invalid End-User Identification Code Accepted

The security software should be able to do at least two of the following if the enterprise is going to permit any access to end users providing invalid end-user identification codes:

  Restrict the end user to an area that gives him or her no options other than signing off, or else very limited read-only access in the system. This has the benefit of informing an end user who entered an invalid identification code that a mistake has been made.
  Perform additional logging to enable the security administrator to perform a complete review of what the unidentified user did while having access to the system.
  Immediately signal the security administrator and possibly someone in operations so they can investigate and take any action deemed necessary.

Notwithstanding the preceding items, the single-level log-in approach should be avoided if at all possible. The enterprise cannot rely on the authenticity of users accessing company systems, and there is the risk of end-user identification codes being compromised through the accidental entry of an identification code that happens to belong to another user.

Invalid Identification Code Rejected

If the security administrator sets the security software to reject an invalid end-user identification code, the rejection will probably require other settings to be established. These settings may include, but are not limited to, one or more of the following items:

  Limit on unsuccessful attempts
  Action to be taken
    —Temporary device lockout
    —Permanent device lockout
  Notification

Limit on Unsuccessful Attempts. The security software may have the capability to track unsuccessful log-in attempts. This feature is designed to detect attempts to gain unauthorized access by password guessing. If the number of attempted sign-ons reaches the threshold value set in the security software, the system will respond.

The system response in an environment with a single-level sign-on technique cannot be based on or associated with the end-user identification code, because someone guessing at codes will not be using the same one twice. Any response can be based only on the device in use when the log-in is attempted. The system typically only has two options for a device: locking it out temporarily or locking it out permanently.

Temporary Device Lockout. Locking out the device temporarily has the effect of delaying the person or program attempting to access the system without completely blocking an authorized user who is only having trouble logging onto the system properly. The temporary response is more appropriate in situations in which personnel may be working on second or third shift, or on the weekend, when no one may be present in operations. The end user can continue trying to sign on to the system without having to go to another area or take some other potentially inefficient alternative.

Permanent Device Lockout. The security administrator may choose to establish a permanent lockout of the device for those situations in which security considerations require a more definitive response, or where someone is present to reset a device for the end user who accidentally disabled the device through unsuccessful access attempts.

Notification. The security software should include at least one feature providing for the notification of the system operator, security administrator, security guard, third-party security service, or other party responsible for monitoring activity at the covered location. The notification could be as simple as an indicator that there has been a violation without specification. It could also be complex, providing detailed information about the violation, the physical location, time, and user identification code.
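The lockout procedure described above (threshold on unsuccessful attempts, keyed on the device because single-level sign-on gives no trustworthy user identity, with temporary or permanent lockout and a notification of the responsible party), as an added example that is not part of the original text. The class name, the state fields, the action strings and the injectable clock are assumptions; passing None as the temporary duration selects permanent lockout.

```python
import time
from typing import Callable, Optional

# Added example, not from the original text: device-keyed tracking of
# unsuccessful log-in attempts under single-level sign-on. No identification
# code can be trusted, so the counter is keyed on the device (terminal) id.

class DeviceLockoutPolicy:
    def __init__(self, threshold: int, temp_seconds: Optional[float],
                 notify: Callable[[str, str], None], clock=time.time):
        self.threshold = threshold          # limit on unsuccessful attempts
        self.temp_seconds = temp_seconds    # None selects permanent lockout
        self.notify = notify                # e.g. signal the security administrator
        self.clock = clock                  # injectable clock for testing
        self.devices: dict = {}             # device id -> state record

    def _state(self, device_id: str) -> dict:
        return self.devices.setdefault(
            device_id, {"failures": 0, "locked_until": None, "permanent": False})

    def is_locked(self, device_id: str) -> bool:
        s = self._state(device_id)
        if s["permanent"]:
            return True
        if s["locked_until"] is not None:
            if self.clock() < s["locked_until"]:
                return True
            # temporary lockout has expired: the user may try again
            s["locked_until"], s["failures"] = None, 0
        return False

    def record_failure(self, device_id: str) -> str:
        # Record one rejected log-in from device_id and return the action taken.
        if self.is_locked(device_id):
            return "locked"
        s = self._state(device_id)
        s["failures"] += 1
        if s["failures"] < self.threshold:
            return "counted"
        if self.temp_seconds is None:
            s["permanent"] = True
            action = "permanent_lockout"
        else:
            s["locked_until"] = self.clock() + self.temp_seconds
            action = "temporary_lockout"
        self.notify(device_id, action)      # notification of the responsible party
        return action

    def reset(self, device_id: str) -> None:
        self.devices.pop(device_id, None)   # operator reset after permanent lockout
```

Other devices are unaffected by one device's lockout, which is the point of keying on the device rather than on an identification code that an attacker would not reuse.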

Two-Level Log-in

The end user types his or her identification code into the indicated field on the screen and then either takes whatever action is required for the computer to process that entry, or enters the password as well and then prompts the computer system to take action. The computer should take the entered end-user identification code and compare it with the security database. If the end-user identification code is found, the password kept in the system is compared with the password entered by the end user. If the passwords match, the system should grant access based on established rules.

The IT auditor should be aware that there are systems that permit an end user entering an invalid end-user identification code to log into the system. Worse, some of these systems create a new end-user profile from the entered information. The IT auditor is urged to resist this approach, which may reduce security effectiveness to zero.

IT auditors should note that a successful log-in in this situation indicates that the most likely occurrence was one of the following:

  An end user correctly entered his or her own identification code and password.
  An unauthorized person correctly entered the identification code and password of a legitimate end user and gained access to the system.
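The two-level sequence described above, with the unknown-code case handled both ways (rejection, and the profile auto-creation the text urges auditors to resist), as an added example that is not part of the original text. The class and function names, the PBKDF2 password storage, the audit messages and the sample identification codes are assumptions; the text does not specify how passwords are kept.

```python
import hashlib
import hmac
import os
from typing import Dict, List

# Added example, not from the original text: a two-level log-in check. The
# identification code is looked up first; only if it is found is the stored
# password verifier compared with the entered password. Unknown codes are
# rejected rather than used to create a profile (the practice the text warns
# against). PBKDF2 storage is an assumption; the text does not say how
# passwords are kept.


def make_verifier(password: str, salt: bytes = b"") -> bytes:
    salt = salt or os.urandom(16)
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class TwoLevelLogin:
    def __init__(self, auto_create_profiles: bool = False):
        self.security_db: Dict[str, bytes] = {}     # id code -> salt || hash
        self.audit_log: List[str] = []
        self.auto_create_profiles = auto_create_profiles   # weak if True

    def add_user(self, user_id: str, password: str) -> None:
        self.security_db[user_id] = make_verifier(password)

    def log_in(self, user_id: str, password: str, device: str) -> str:
        verifier = self.security_db.get(user_id)
        if verifier is None:                         # level 1: id code lookup
            if self.auto_create_profiles:
                # The behaviour the text urges auditors to resist: whoever
                # types an unknown code becomes a valid user.
                self.add_user(user_id, password)
                self.audit_log.append(f"{device}: PROFILE CREATED for {user_id}")
                return "granted"
            self.audit_log.append(f"{device}: unknown id code rejected")
            return "rejected"
        salt, stored = verifier[:16], verifier[16:]  # level 2: password check
        entered = make_verifier(password, salt)[16:]
        if hmac.compare_digest(stored, entered):      # constant-time comparison
            self.audit_log.append(f"{device}: {user_id} logged in")
            return "granted"
        self.audit_log.append(f"{device}: bad password for {user_id}")
        return "rejected"
```

With the weak setting enabled, the security database grows by one valid profile for every unknown code anyone types, which is why the text says that approach can reduce security effectiveness to zero.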

If the end-user identification code provided during the log-in process is not found in the security database, there are two options. The security application or function can either let the end user log in despite the invalid end-user identification code or reject the log-in attempt. Permitting the log-in to take place is not generally recommended, unless that access can be controlled.

Invalid End-User Identification Code Accepted

The security software should be able to do at least two of the following if the enterprise is going to permit any access to end users providing invalid end-user identification codes:

  Restrict the end user to an area that gives him or her no options other than signing off, or else very limited read-only access in the system. This has the benefit of informing an end user who entered an invalid identification code that a mistake has been made.
  Perform additional logging to enable the security administrator to perform a complete review of what the unidentified user did while accessing the system.
  Immediately signal the security administrator and possibly someone in operations so he or she may investigate and take any necessary action.

Notwithstanding these items, this approach should be avoided if at all possible. The enterprise cannot rely on the authenticity of users accessing company systems, and that risk should not be accepted.

