Scripts: boon or bane?
Late 2015 the following case was published: a company discovered various scripts on a computer of a former programmer. These scripts were meant for example to send a SMS to his wife, if he was in the company after 9 pm, to scan his mail-account for mails with the words “help” and “trouble” to restore the datatbase to the freshest Back Up and to send a mail with the subject “no problem” or even to start the coffee machine.
It is common practice of programmers, administrators or IT-experts to use scripts which are written for the special needs of the users. Generally they are useful and even provide some extra protection. Scripts are used very often to automate recurring command sequences. Usually every user writes its own script which he can adapt quickly to his needs, mostly without any documentation.
But the following problems are likely to occur:
- Each user has the possibility to depose ALL commands (Shutdown, User change, modify rights, etc.)
- Each user uses his own scripts – untested
- Scripts are usually not documented
- If the creator is no longer active in the company, it needs to be rewritten
- If the system environment changes the scripts will not be updated
- Contents of scripts are not comprehensible
- Scripts are run on servers for which they are not intended to
- They can be misused as access for hackers
The VISULOX Command GUARD module allows the user to carry out only those commands that are provided in a repository of VISULOX specifically for this purpose and originating from the operator of the plant. These are tested and checked for formal correctness and. Thus, the use is risk-free, even in critical environments. In addition, a list of servers is defined, which may be addressed by the external users.
If the user now tries to enter a locked command or to start his own script, which contains a blocked command, an error message is displayed and the execution prevented.
Inform yourself today, how VISULOX can support your IT on a secure basis. contact