Handbook of Information Security Management:Law, Investigation, and Ethics

Previous Table of Contents Next


Piggyback and tailgating can be done physically or electronically. Physical piggybacking is a method for gaining access to controlled access areas when control is accomplished by electronically or mechanically locked doors. Typically, an individual carrying computer-related objects (e.g., tape reels) stands by the locked door. When an authorized individual arrives and opens the door, the intruder goes in as well. The success of this method of piggybacking depends on the quality of the access control mechanism and the alertness of authorized personnel in resisting cooperation with the perpetrator.

Electronic piggybacking can take place in an online computer system in which individuals use terminals and the computer system automatically verifies identification. When a terminal has been activated, the computer authorizes access, usually on the basis of a secret password, token, or other exchange of required identification and authentication information (i.e., a protocol). Compromise of the computer can occur when a covert computer terminal is connected to the same line through the telephone switching equipment and is then used when the legitimate user is not using the terminal. The computer cannot differentiate between the two terminals; it senses only one terminal and one authorized user.

Electronic piggybacking can also be accomplished when the user signs off or a session terminates improperly, leaving the terminal or communications circuit in an active state or leaving the computer in a state in which it assumes the user is still active. Call forwarding of the victim’s telephone to the perpetrator’s telephone is another means of piggybacking.

Tailgating involves connecting a computer user to a computer in the same session as and under the same identifier as another computer user, whose session has been interrupted. This situation happens when a dial-up or direct-connect session is abruptly terminated and a communications controller (i.e., a concentrator or packet assembler/disassembler) incorrectly allows a second user to be patched directly into the first user’s still-open files.

This problem is exacerbated if the controller incorrectly handles a modem’s data-terminal-ready signal. Many network managers set up the controller to send data-terminal-ready signals continually so that the modem quickly establishes a new session after finishing its disconnect sequence from the previous session. The controller may miss the modem’s drop-carrier signal after a session is dropped, allowing a new session to tailgate onto the old session.

In one vexing situation, computer users connected their office terminal hardwired cables directly to their personal modems. This allowed them to connect any outside telephone directly to their employer’s computers through central data switches, thus avoiding all dial-up protection controls (e.g., automatic callback devices). Such methods are very dangerous and have few means of acceptable control.

Prevention of Piggybacking and Tailgating

Turnstiles, double doors, or a stationed guard are the usual methods of preventing physical piggybacking. The turnstile allows passage of only one individual with a metal key, an electronic or magnetic card key, or the combination to a locking mechanism. The double door is a double-doored closet through which only one person can move with one key activation.

Electronic door access control systems frequently are run by a microcomputer that produces a log identifying each individual gaining access and the time of access. Alternatively, human guards may record this information in logs. Unauthorized access can be detected by studying these logs and interviewing people who may have witnessed the unauthorized access. Exhibit 3 summarizes the methods of detecting computer abuse committed by piggybacking and tailgating methods.

Exhibit 3.  Detection of Piggybacking and Tailgating


False data entry is usually the simplest, safest, and most common method of computer abuse. It involves changing data before or during its input to computers. Anybody associated with or having access to the processes of creating, recording, transporting, encoding, examining, checking, converting, and transforming data that ultimately enters a computer can change this data. Examples of false data entry include forging, misrepresenting, or counterfeiting documents; exchanging computer tapes or disks; keyboard entry falsifications; failure to enter data; and neutralizing or avoiding controls.

Preventing False Data Entry

Data entry typically must be protected using manual controls. Manual controls include separation of duties or responsibilities, which force collusion among employees to perpetrate fraudulent acts.

In addition, batch control totals can be manually calculated and compared with matching computer-produced batch control totals. Another common control is the use of check digits or characters embedded in the data on the basis of various characteristics of each field of data (e.g., odd or even number indicators or hash totals). Sequence numbers and time of arrival can be associated with data and checked to ensure that data has not been lost or reordered. Large volumes of data can be checked with utility or special-purpose programs.

Evidence of false data entry is data that does not correctly represent data found at sources, does not match redundant or duplicate data, and does not conform to earlier forms of data if manual processes are reversed. Further evidence is control totals or check-digits that do not check or meet validation and verification test requirements in the computer.

Exhibit 4 summarizes the likely perpetrators of false data entry, methods of detection, and sources of evidence.

Exhibit 4.  Detection of False Data Entry


Computers sometimes stop, malfunction, or enter a state that cannot be overcome by normal recovery or restart procedures. In addition, computers occasionally perform unexpectedly and need attention that normal access methods do not allow. In such cases, a universal access program is needed.

Superzapping derives its name from Superzap, a utility program used as a systems tool in most IBM mainframe centers. This program is capable of bypassing all controls to modify or disclose any program or computer-based data. Many programs similar to Superzap are available for microcomputers as well.

Such powerful utility programs as Superzap can be dangerous in the wrong hands. They are meant to be used only by systems programmers and computer operators who maintain the operating system and should be kept secure from unauthorized use. However, they are often placed in program libraries, where they can be used by any programmer or operator who knows how to use them.

Previous Table of Contents Next

The CISSP Open Study Guide Web Site

We are proud to bring to all of our members a legal copy of this outstanding book. Of course this version is getting a bit old and may not contain all of the info that the latest version are covering, however it is one of the best tool you have to review the basics of security. Investing in the latest version would help you out in your studies and also show your appreciation to Auerbach for letting me use their book on the site.