I've been thinking about the compromise of President-Elect Barack Obama's mobile phone records at Verizon Wireless. Verizon Wireless recently fired the guilty parties, as they should. However, this is not the end of the problem. In fact, it's only the beginning.

As I work in a customer service organization, I understand the business need for customer service agents to have access to customer records. In order to provide quality service to a customer, access to their relevant data is vital.

How much access to that data is needed? Does every rep need access to all that data 24x7, anytime? The CISSP in me says absolutely not. Do companies properly control access to this data? Not in my opinion.

There are always going to be people who need access to all customer data, e.g. management or management designates. However, the number of people who have that level of access should be relatively small. All access to that data should be heavily audited.

For the lowly customer service rep--the people who typically answer the phone when a customer calls in--they should not have access to the customer's records unless the customer provides a PIN of some sort. Without a valid phone number and the appropriate PIN, the customer service reps should not be able to pull up the records at all.

Of course, there are going to be exceptions to this rule, for example if a specific rep is working with a specific customer on a specific issue, but as a rule, only people with a valid business reason to have access to the customer data right now should have that access. This needs to be enforced by business process as well as the tools themselves.
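A sketch of how a tool could enforce the rule above, added here as an example (it is not code from any carrier's system). The user names, phone numbers, PIN and record text are constructed, and the three access bases (customer PIN, open case, full-access role) are assumptions drawn from the paragraphs above.

```python
import hashlib
import hmac
from datetime import datetime, timezone

def pin_hash(pin: str, salt: bytes) -> bytes:
    # Keep a slow, salted hash of the PIN; the PIN itself is never stored.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

# Constructed sample data (hypothetical users, number, PIN and record).
CUSTOMERS = {
    "555-0100": {"salt": b"constructed-salt-1",
                 "pin": pin_hash("4821", b"constructed-salt-1"),
                 "record": "call history (constructed)"},
}
FULL_ACCESS = {"mgr01"}                # small set of management designates
OPEN_CASES = {("rep17", "555-0100")}   # rep working a specific customer issue
AUDIT = []                             # every attempt is logged, allowed or not

def fetch_record(user, phone, pin=None):
    """Return the record only when there is a business reason right now."""
    customer = CUSTOMERS.get(phone)
    basis = None
    if customer is not None:
        supplied = pin_hash(pin, customer["salt"]) if pin is not None else b""
        if hmac.compare_digest(supplied, customer["pin"]):
            basis = "customer-pin"       # caller proved who they are
        elif (user, phone) in OPEN_CASES:
            basis = "open-case"          # the stated exception
        elif user in FULL_ACCESS:
            basis = "full-access-role"   # allowed, but heavily audited
    AUDIT.append({"time": datetime.now(timezone.utc).isoformat(),
                  "user": user, "phone": phone,
                  "allowed": basis is not None, "basis": basis})
    return customer["record"] if basis else None

def needs_review(audit):
    """Denied attempts and full-access lookups go to a human reviewer."""
    return [e for e in audit
            if not e["allowed"] or e["basis"] == "full-access-role"]
```
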

Really, though, it's a simple matter. If you don't have a legitimate business reason for looking at customer data, don't do it. This has always been my policy, going back to when I was a systems administrator. Reputable customer service agents follow this rule; the good ones don't even have to be told.

Back to Verizon Wireless for a moment. While I know it is a matter of a few rogue employees and I feel they responded to the situation appropriately, it shouldn't have happened in the first place. A large telecom like Verizon Wireless should have systems in place to prevent this kind of "data leakage" already. Clearly, whatever measures they employ either weren't followed or were ineffective.

I hope that all telecommunications carriers learn from this experience.

Andrew Hay and Warren Verbanec, two of my former co-workers, along with Peter Giannoulis and Keli Hay have come together to make the Nokia Firewall, VPN, and IPSO Configuration Guide. These folks have put together a comprehensive tome covering all of Nokia's network security solutions, though the primary focus is on Nokia IPSO and Check Point VPN-1. I also played a small role in this book by writing the foreword for it, as well as helping both Andrew and Warren with various things over the years.

Of course, since the time this book was finished, but before it was printed and bound, and available on amazon.com and other places, Nokia announced it was selling off the Security Appliance business. Even if the boxes have a different name on them, which must happen eventually as a result of new ownership, they'll still be the same high-quality systems you've come to know and love from Nokia.

Several current and former Nokia colleagues are involved in a project called The Academy where a number of videos are posted related to configuring security applications. The website has been relaunched and it's shaping up to be a great resource for the security geeks out there. Now, where's some videos on Sourcefire, Peter? :)

The thing that has consumed my waking thoughts on Monday was the fact that Nokia has announced they are in the advanced stages of discussions with a financial investor to purchase this Security Appliance business from Nokia. Since this is the part of Nokia I work in, I am obviously a bit concerned by this.

All indications are that the Security Appliance part of Nokia's business will be spun out--intact--and made an independent company under new ownership. By itself, Nokia's Security Appliance business is fairly substantial. Not as big as Nokia's handset business, obviously, but it's still a reasonably sized business.

For customers, it should be business as usual. Operationally speaking, most of what makes up the Security Appliance business in Nokia is already fairly independent of the rest of Nokia. The relationships with Check Point, Sourcefire, and others will continue and likely strengthen. The only real change will be the name on the front door, though you will likely continue to see the Nokia brand in use for a period of time while the marketing folks roll out the new branding.

I think it will be a positive thing for the business as a whole. I personally see a lot of opportunities in this new world order, both for myself and the business. That being said, I won't be part of Mother Nokia anymore, which I believe also has some interesting opportunities, but opens others. It's giving me a lot to think about.

In the evenings, I like to work downstairs on one of the kids' computers. It's nice to sit somewhere else and work. Keeps the mind fresh, and it also allows me to experiment a bit.

One problem with doing this is the web filters, which I've set up to prevent "accidental" exposure to the naughtiness of the Internet. I'm using K9WebProtection, which is a free Windows-based filter that only filters access via the web browser. It does not filter other programs.

The problem is, I have the settings set fairly stringent. The default setting blocks access to Flickr, YouTube, Share on Ovi, and others. Things I tend to look at while I'm blogging. Whitelisting those sites is possible, but not happening. Having to type in my password every 15 minutes is just annoying.

I stumbled upon a solution this evening with some Googling. It completely and utterly bypasses K9WebProtection and could easily be done by someone without user privileges.

How did I do it? I'm not going to say, for obvious reasons. However, search the Oracle of Google and you'll find the answer. At least now I can do my work without disabling the Internet filter.