 |
 |
David, Telecom Systems staff will /always/ have two badges on them -- an MSU Staff badge and one specific for Infrastructure Planning and Facilities. Both have color photos on them. We don't send students out to do phone work (but they may accompany one of our full-time techs) -- our students will also have an IPF badge on them as well. If you ever have a concern about the validity of somebody working at your site, please call 353-1760 (IPF Dispatch) or the police department. They will be able to verify that the person on site is supposed to be there. Don't be afraid to challenge somebody you don't know. -Nick Kwiatkowski MSU Telecom Systems -----Original Message----- From: David McFarlane [mailto:[log in to unmask]] Sent: Thursday, June 01, 2017 10:49 AM To: [log in to unmask] Subject: [MSUNAG] Someone checking telephone lines So a young fellow just showed up unannounced at my office and asked to plug some equipment into my telephone jack. He looked all official, with various pieces of equipment hanging off his belt and carrying a clipboard. It occurred to me that if someone wanted to do some social engineering to get me to allow them to plug in some equipment for an attack through my phone line, that would do it. Just for kicks, I asked if he had any ID, and he said all he could show me was his student ID. So I let it pass. It seems to me that we give a lot of lip service asking people to be vigilant about security, and then in practice ask them to drop their guard. I myself often go into labs unannounced and start fiddling with equipment with no one questioning me -- often I bring to their attention that they should not just let me do that (which itself could be a good social engineering move). I don't recall getting a memo ahead of time about this telephone line check, that would help. Just passing on some info here. -- dkm