Slashdot Mirror
SF Not an Exception In Giving IT Too Much Control
CWmike writes "The city of San Francisco's IT department is certainly not the exception when it comes to allowing just one person to have unfettered rights to make password and configuration changes to networks and enterprise systems. In fact, it's a situation fairly common in many organizations — especially small to medium-size ones, IT managers and others cautioned in the wake of the recent Terry Childs incident."
What was it they said in the 80's about the most common admin passwords?
I really think this type of thing is inevitable with this high level of a network admin. There comes a point where the complexity of the network you manage means that you simply can't report all the inner details and workings to a manager or overseer. Not only that, but with the speed that computers advance, hardware becomes obsolete within a decade, and new talent often times wont have knowledge/capabilities/will to deal with the older hardware that builds up in operations such as these.
Sadly I think the only thing one can do with things this size, is appoint someone and pray he isn't chaotic evil.
...you're doing it wrong.
I mean, really. What do we have now? The guy loses control, flips out, locks everyone out of the system, they are down for who knows how long as they bring in crackers and consultants and what not, and the guy goes to jail.
But...
If you just waterboard the guy, until he coughs up the password, the system's not down for really any longer than it takes a Windows Update to screw everything up, so you can just let the guy who locked you out walk, instead of putting him in jail or prison for who knows how long.
Waterboard in this case would be simpler, safer, and better for everyone.
This is my sig.
I forget who said that "an elephant is a mouse designed by a committee." Sure, you can get paranoid about network design and control, and give the job to a committee. But that is going to be really clumsy.
The issue here really is not about size of the design team, it is about vetting the guy who does it. ( The guy who is in charge of the network for my business is someone who I really know and trust. He was best man at my wedding. )
"Childs, an employee working for San Francisco's IT department, used his privileged access to lock everyone out of a crucial network for days."
I wonder if it wasn't an intentional lockout, instead someone realized all of a sudden that Childs was numero uno and saying "GIVE ME THE CODES NOW!" and when he didn't someone had a hissy fit and took things very far very quickly instead of competently sitting down and talking with Childs fairly.
"Most people, I think, don't even know what a rootkit is, so why should they care about it?"
They claim that you should have more than one person that knows the password and configuation of the network. I work mainly in small-mid sized business; I have never heard of only one person knowing the password. In fact, the smaller the business, the more the owner wants to know the password (IME). Generally IT doesn't want $random_user to have the admin passwords. Also, everyone that has them is another person that can potentially "lock down" the system (see third para).
The configuration? Well I am not real sure what they mean? Basic configs such as IP addreses and such have been documented at even the shoddiest implementations I have seen. Plus, if you know how to run that server, you probably know or can find and make changes to the "configuration". But if there is only one person at that company that knows that server/technology, well then there is probably only one person that knows the configuation! What should the accounting manager know how to run our servers?
But the bigger issue is that in a SMB, and in my current positions, I could CHANGE THE PASSWORD!!! Doh, they forgot that you can do that!
TFA goes on to say things about hiring an administrator and then an auditor for the admin. WTF? Never heard of this happening in my career. I do know the military uses these methods, but that makes sense for them. The average sign printing company (even a 200 employee company) can't do that.
TFA highlights a situation that we all knew existed... and didn't even give a (reasonable) proposed solution.
No comprende? Let me type that a little slower for you...
When you have already laid off everyone and downsized your IT department to so few employees, its kind of hard to avoid having a single person with so much power.
I Heart Sorting Networks
Cisco should start selling Childs-proof routers! *rimshot*
Tsunami -- You can't bring a good wave down!
Yes, this is prevalent. Unfortunately, no, it has precious little to do with IT.
This quote from TFA is quite true, but universally so. Let's play Business Mad Libs:
"Single points of failure are always bad," said John Pescatore,
an analyst at Gartner Inc. "There should never be one person who is
the only person who knows ____ MISSION CRITICAL INFORMATION ____."
Companies need to make sure there are at least two if not three people
who share the knowledge of ____ BUSINESS PROCESS______. "As a minimum,
require it to be documented and stored somewhere if personnel
limitations say you can't have personnel with overlap," Pescatore said.
Have fun playing the accounting, regulatory, legal, and R&D versions, just for warm-up.
Now, if the business managers weren't smart enough to either know this applied to IT as well as their other divisions, or not smart enough to not recognize that that they needed outside advice on how to apply business rules to IT - well, you have to wonder how well the other parts of their businesses are running.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
Fast foreward to today
Management has placed so many controls on the development process. Fer example, we need to get Business owner's approval for starting work, testing, and then before move to production. We are monitored constantly. We fill out Remedy tickets for each stage of development. We can not do "systems" stuff, like even compile our own programs. Really. Every compile, move, and test is monitored and recorded.
Yep, management has certainly stepped in and taken control back.
I've forgotten what the original article was...wait a minute... oh yeh.
Anyway, I am thinking that the Frisco situation could not happen here. I am not afraid. But I really miss those days when I really had control of the development.
Of course there will be people in IT who have power, and of course that power can be abused.
Somebody at a television network has the power to broadcast rocking horse porn if they want to as well and there is no time machine to unrock that horse.
The articles hypes up one person being able to abuse power as if it were unique to IT and suggests a remedy that more than one person should have this power, as if this had any bearing on anything, e.g. the ability for the abuser to simply revoke access to others. What, somebody else should be assigned the exclusive ability to revoke? Then that person is the potential abuser. This is silly.
Apparently, a bunch of idiot managers realized all of a sudden that they had GIVEN one person control over a major network, and tried to seize back control. Also apparently, he did not trust them to keep it running properly. (And also apparently, rightly so.)
So where is the "incident"?? What did he do wrong?
By law he might have done "wrong" by not relinquishing the passwords immediately. But by the people of San Francisco, he may have saved them a lot of trouble and headaches. So, he was faced with a dilemma: obey the law, or do the right thing.
Sad.
Whenever I register for a site where my email address is my username, the password I use happens to be the same password that I use for my email account.
With that in mind, I'm going to go ahead and not express any opinions on security.
You call it dangerous, I call it job security.
When you do teamwork, everyone has some of the knowledge, and no one has a big, overall picture. That model doesn't work for a network.
Although, what if terry childs had died suddenly.. like, from a heart attack, or a very fast onset of diabetes, or choking on a donut? It doesn't make sense for a manager to give complete freedom to IT to the point where IT doesn't even have to stay with well known (to management) passwords!
It's called Seperation of Duties.
And the best part? Cracking could be illegal, according to the DCMA. Waterboarding? Its legal!
You mean... with those stupid lids? The ones I can't get off to save my life?
... but then it is only childs-proof until he orders some online!
I guess they could use those annoying screws to secure the lids
As if it's ITs fault. Most companies I've worked at I have pointed this very situation out and usually get overruled based on the cost of doing it "right".
(It isn't enough to have several people with the password, you need to know how to recover if you lose total communication with the guy responsible - ig. died.)
Also it isn't just IT. Last months pay got delayed at my company, which really shouldn't happen since KPMG is responsible for taking care of payments for our company. The reason? The lady responsible for authorizing the transfer was the only one with the passwords to do so, and she was in labor.
Some people on /. think it is best to have one knowledgeable person with all the information so that confidential information is not leaked or changes made without the lead guy being aware.
Others think of the bus rule, what happens if the guy who knows everything about mission critical infrastructure components gets hit by a bus?
That is why I have taken a page from the Sith Lord Darth Bane and apply the rule of two. When I build a network I teach and train one apprentice. Then if they suck I fire them and hire a replacement, but if they are good, when I get bored and decided to move on, I feel confident they can take on a apprentice themselves.
It is neat, clean and simple, better still it doesn't have the rules and complexity of Jedi type systems requiring me to check in docs to a source control system, report changes to managers what don't understand, have managers that don't understand sign-off on things they don't understand and avoid dumb rules like not being able to train techs that appear to old, etc.
Yeh, if you ask me the Republic, I mean Network as a whole is best off with Sith types in charge versus bureaucratic Jedi types.
Respect the Constitution
The more I see on this case the more I think Childs is being set up as a scapegoat. The guy built the networking side from scratch and it seems management were happy with him running it with sole admin rights. Then a new admin comes in and he freaks out and gets overprotective. And a $5 million bail? Murderers don't get that much.
I totally agree that there should always be 1 person holding all the keys, and that they should give them out as needed, and at thier discretion. However, you also need insurance. How about keeping a manilla envelope, with important admin passwords and configuration info, locked in a wall safe that only the admin and a trusted keeper (say a manager, or a college) know the combination to. If the admin goes bonkers, sure they can change the passwords and you're screwed, but you can't really prepare for the onset of batshiat-crazy, but if the admin gets hit by a bus, his boss can open the safe, break the seal on the envelope, and minimize the damage done by losing the admin.
I know you shouldn't write passwords down, but there's a difference between a sticky note under a keyboard and a sealed envelope in a safe someplace.
i have a roll of electrical tape.
Anyone else read that as "SourceForge Not an Exception In Giving IT Too Much Control" ?
Basically the guy sees the writing on the wall and includes the password equivalent of a dead-man's switch.
Not according to insiders. He had *always* had the routers configured to clear when someone tried to guess the password, long before any of this started. Why he did this, I don't know... it seems extreme to me but for some networks it's probably appropriate... it IS a standard configuration in the routers. It sounds like someone or something convinced him that this was "best practices" for security, so that's what he did.
I elect to become the Lord of the Passwords.
Lord of the Passwords! ??? Profit. Definitely.
Why? To enhance my resume and make me rich.
Why? Simply, its the ultimate backup to the getting hit by a bus. If you and the VP/President who are trusted password holders are hit by a bus, how will your company survive? I will not go outside. No bus will ever hit me.
Make your legacy count for something. Don't let your work go to waste. Hire me today!
Hmmm, What were the 80s and 90s like?
Terry Childs hijacked the network so he could traffic Childs porn without legal repercussion. Look it up.
1) Some people work in an environment where you can't pass on the knowledge even with considerable effort. No-one wants to know. And when you do give people the passwords they really don't get kept safely. No-one documents the abuses that did not happen because Childs kept the passwords to himself and they did not wind up in a spreadsheet on a central file server that anyone can access. There seems to be no middle ground here - one must either keep the password to ones self or post it on facebook.
2) This case was notable because his mgmt did not have the passwords. But when someone goes psyco it's the fact that they have the password that's the problem. Giving passwords to more people means more potential psycos have access
I am apart of a SMALL IT firm. We run into this ALL the time.
We have run into clients who's own domain name is not owned by them but their support staff that purchased it. When the service provider is fired due to breach of contract or SLA, they often take the name down until the final invoice is received. This is often in dispute because the last month of work has many extras. Their domain name is held hostage!
We both hold to the same worldview which allows us to have full trust of each other and our clients trust us. We have access to each other's email and passwords for work related stuff.
Whenever we get a new client, we examine all their records and make sure we have passwords to everything. We give the client everything and alert them to any changes.
You can't sell trust, but clients know it or learn it.
They should televise it, too!
http://en.wikipedia.org/wiki/The_Moment_of_Truth_(US_game_show)
Obama's legacy: (N)othing (S)ecure (A)nywhere and (T)error (S)imulation (A)dministration
Has anybody else noticed that these reports of gross IT mis-management are almost always government related?
I think there was another story on slashdot, a while back about some guy who accidentally deleted one billion dollars worth of records, and there was no backup. When I was in Florida, there was some scandal about the state spending millions on this new welfare computer system, and the entire thing was borked, so they hired the same company to fix it, and the company borked it again.
Sure, we laugh at the corporate PHBs, but a lot of government IT management seems to make Dilbert's world seem efficient, by contrast.
Everyone knows the name of Terry Childs, but how many people know the name of the manager(s) in charge, the ones responsible (or negligent) for letting this situation continue until it got to this point.
"You asked for it, you got it." and you are spot on because if they don't correctly assess this current situation, and assign blame to the deserving names, then they are only 'asking for it' to happen again and again.
The administrators *need* access to the highest level of security. Maybe software and operating systems as a whole need to be rebuilt in the shape of a military complex where sensitive access does not have to be granted to the builders.
But, hey, even the builders see the vaults before they are used.
I'd guess that 99.999% of problems like this are not malicious. It just happens through neglect, short budgets, tight deadlines, and attrition. Until you wake up one day and they tell you that Bob got hit by a bus last night and we absolutely have to get the forecast report fixed by 08:00 AM for Mr Johnston's breakfast meeting with the CEO or HEADS WILL ROLL. But now, some guy finally did what many of us have joked about. And so there will be PHB's around the world in a panic for fear that their quiet, abused little drones might turn on them. Wo while they are taking a moment to burn off a donut or two, here's an idea for them to contemplate. Don't give your workers a reason to hate you.
This is a question of management not hiring enough people to do things right. What happens if the one guy who knows everything goes on vacation? If he never went on vacation, no one would say boo because, in our warped culture, having a desire to do anything but work around the clock is somehow abnormal.
Seems to me that in many cases, the IT department may be rather grossly understaffed (either in terms of # of staff, or # of experienced staff).
Many places I've worked end up with a Lord-of-all-IT situation simply because they haven't got anyone who can replace him* or back him up, or weren't willing to pay for backup/additional/experienced staff.
* male gender used for convenience purposes.
One of my first jobs was a bank teller. Our passwords were sealed in an envelop, which we initialed, and locked in a vault which needed two keys to open.
If the two officers needed my password, they'd open the vault, open the envelope, breaking my seal (letting me off the hook of responsibility).
IT has to learn from banks.
This is an "Atlas Shrugged" issue.
There is no problem with IT security, or "one person having too much control" in this situation, but I'm sure every two-bit security "consultant" and trade magazine will love to sell you services and software to secure your network. The issue here is when you strip an organization of all of it's value and hire people that are sub-par in skills and general morality, you get this result.
This guy took the actions he did to stop a corrupt and incompetent management from doing more damage to the city of San Francisco.
I don't agree with his actions, but I certainly understand what produces this kind of frustration.
Just like Ayn Rand writes, when the power fails finally, and some corporate frigtard comes waving a lot of money for me to help analyze the situation and get it running again, count me in with "NO.". I'll be very happy on my self-sustaining farm with other people that are tired of technology-wannabees with CFO's behind them that are paid large bonuses to cut IT costs as much as possible.
The issue here is the never ending cycle of people who don't know IT, running IT, based on counting money instead of calculating value reaching for that which is corrupt and foul when their short-sighted schemes fall down.
These management frigtards need to go back to school to learn what value is instead of worshipping the damn dollar, euro, or whatever.
"Master Blaster owns Bartertown."
I am the richest astronaut ever to win the superbowl.
It really depends on who the "one person" is. Committees rarely design good crypto algorithms or protocols, for example. On the other hand, if you just pick the "one person" at random, you risk picking the wrong person.
I guess it's sort of like picking a dictator. If you pick the right person, and hold that person accountable, they will get things done more efficiently than a committee. If you pick the wrong person, they will get the wrong things done more efficiently than a committee.
http://outcampaign.org/
I know people in various industries who consider obscure hacks, lack of documentation, etc "job security."
To me, being the guy who can do it all is great for job security, but the flip-side is that if you're the *only* guy that can handle things... sure, you're semi-irreplacable, but that applies equally to being fired as when you want to take a day off or holiday. Personally, I prefer work-competence as a reason for not being fired, and documentation/standardization as a way to ensure that somebody else can back me up when I want to take a few weeks off (real time off, as in not near a computer and not "on call" with a pager/cellphone going off in my pants pocket next to the pool).
I doubt that there is a system, besides firing a nuclear weapon, that is able to be configured so that two people always have to agree to a system change. The top level account on any system, network or device will always have the powere to change all other passwords or disable them and then walk away. This is a common item at any time a person is involved. The issue of when a person will snap and if they should be trusted can be examined, but that is not a perfect science since the person may have a problem in their personal life that makes them go over the edge.
All computers would run perfectly forever if they had not users(carbon based units) using them and programming them.
There are ways to create systems and methods to recover from an incedent like that, but since they are fairly rare, the cost/benefit/probability of the risk is hard to sell to management.
Bottom line is absolute power corrupts absolutely. If you have people, you will have people problems. Deal with it or take your ball and go home.
Nuff said.
How about backdoor that can't be turned off? That was put in by the guy who build the system.
I've come across this situation several times in my IT career. I've spoken with my co-workers about these types of issues. In order for us to really function we need to have a type of Hippocratic Oath. Don't get me wrong power is power and abuse is abuse no matter what people state. But taking an Oath at least sets reasonable expectations on all sides. As technology becomes a more vital portion of our day to day living that power needs to be recognized and dealt with. There have been several times when I've informed my boss of the level of dependence they had on me as the holder of the key's to the kingdom. They're eyes always get very wide when I explain as I hand over the keys that the next person to take this role up has total power over the company. The execs should understand this, and IT should communicate fidelity to the execs... I'm not saying that fidelity should allow for the execs to abuse the IT team but a clear understanding is a must. As well if there are people who ice their own company out they should loose something so they can't move on to another job and do the same thing. If the IT Hippocratic Oath was backed up by a guild or a license that can be taken away it would help. Sincerely, end15
All glory to the Hypnotoad!
I have done dozens of Security Assessments/Risk Assessments for City/County/State Govts. In almost every instance, one of the major findings is 'key man risk'. Inevitably, there's always some guy who is the only one who knows the voodoo to make it all work - the whole IT department is one really smart guy, a dozen meatheads, and some management people (sometimes good, mostly bad). If the smart guy gets hit by a bus or quits, the org loses a year trying to catch back up.
You also tend to see a lot of multi-hat positions (Chief Security Engineer/Firewall SME/Lead Network Admin), and mentioning security best practices such as Duty Rotation and Separation of Duties is usually met with a "yeah, right..." smirk and chuckle.
Unfortunately, it's all usually a function of budget + quality of applicants + total inability to communicate effectively with City Council/County Board/etc. to explain why what the PHBs want needs to be properly funded and staffed.
Inevitably, the powers that be decide they need something, and all heads in the room turn to the resident nerd-genius, who immediately geeks out about how he could accomplish it technically using spit and duct tape. The managers unclench when they realize they aren't going to actually have to do their job; what little money there is money gets blown on hardware and software, and the whole thing gets wired up in a perfect example of 'just barely good enough engineering' or a hobbyist project.
It's not really how you expect your local gov't to operate, but they do it all the time. It's kind of like knowing where sausage comes from. Just don't ask.
If that is there, then it should be found in process of scanning for vulnerabilities. I personally do not want the vendor of a purchased application to have a magic key into my computer system.
Is this really an issue of various corporate and municipal entities "giving" IT too much control, or are they simply dodging what should be end-user responsibility for administration which is then assumed by IT since no one else will take the reigns? My personal experience is the latter.
Granted there are absolutely some things that IT should have ultimate responsibility for (routers, server administration, etc.). However, managing access and priviledges to deparmental-specific applications in most cases falls outside IT's expertise. IT's responsibility here is to make administration accessible to the user community without allowing damage and only intervene when an issue arises that is outside the expertise of the end users.
Apparently, this guy is able to design and administer the perfect network: great performance; great stability; and great security. Somenone just needs to put him to work with other network engineers that have his competency level so he doesn't feel like he has to shoulder exclusive responsibility for running the network. Do that, and he would be a valuable addition to any IT shop. He's really wasting his talents working with moronic city government lackeys.
In a new low for humanity, supposed corrections 'expert' and CIO for the Florida Department of Correction Scott McPherson went on the record in favor of utilizing waterboarding to get the information out of Terry Childs.
He later reacts to the minor discrepancies between what was initially reported and what really seems to have happened with the wonderful Now if this is true, it certainly changes things, eh?
So, evidently if Childs *had* been holding the network for ransom, waterboarding was perfectly fine? I hope I *am* going to far, but considering that the man has evidently been with the Florida department of corrections for years, I find myself wondering just how many times he has found that something that leaves no marks and is incredibly good at getting people to sign confessions whether they did something or not is just incredibly useful to have available.
What a sick mind - Pug
An Invisible Entity of Vast Power whose existence must be taken on faith alone: Liberal Media
And PHBs / TPS report driven offices are just as bad when you spend more time doing BS paper work then doing real work. And It takes a long time just to get updated installed, software that you need for your job installed and so on. People then end just siting on butt waiting for the PHB do to there job so you can do yours.
SF is a major city with, presumably, dozens, or hundreds of IT workers.
A 10 man SMB they're not.
Chas - The one, the only.
THANK GOD!!!
Comment removed based on user account deletion
Then if they suck I fire them and hire a replacement, but if they are good, when I get bored and decided to move on,
What, no slaying? No duals? Are you some goody-goody Jedadmin? That's just not Sith-enough.
Here's the Sithway: If your apprentice sucks, you find a replacement to slay the apprentice. If the replacement fails, your apprentice gets to keep the job, and the replacement candidate does not make it to the next round of interviews (obviously).
Sure this method has it's disadvantages-- revenge, backstabbing, his army of itsatrap minions, etc. And if you 'get bored' your apprentice just might replace you. But it's worked for generations. You're free to change it, but you're on your own.
"Can of worms? The can is open... the worms are everywhere."
Shit, _I_ have too much control: smallish shop, limited technical expertise, and gradually all those passwords just accumulated in my lap by default. I'm not going to go rogue or anything, but (as I keep trying to point out to my corporate masters) what if I get hit by a bus? Bye-bye, entire development infrastructure: webserver, app server, database, source code control, just good night and good luck.
I've been _begging for months_ to get out from under this exact situation with no luck. Any suggestions?
I've written this one before.
When you have IT people, they're going to have control of your IT infrastructure. Sorry, but there's not much you can do about that. They need access to your data and your equipment to do the job that you want them to do. You'd better find trustworthy people.
This is kind of like complaining, "I have a chaffeur, but I'm nervous that he might go crazy some day and drive me off a bridge, or head-on into a semi." Yes, that is a risk that you'd face by having a driver. And I'm sorry, but no amount of technology gobbledy-gook is going to prevent disaster if your driver does, indeed go crazy.
You face risks whenever you have someone do something for you -- that they might do it wrong, or that they might try to screw you. You're giving them control of some portion of your life. If you're not okay with that, or you don't trust the person that you've hired, you'd better rethink whether you're in the right business...
The Right Reverend K. Reid Wightman,
But we now call them technomages.
I'd go on a Vegan diet but the delivery time from Vega is too long. --brownkitty
if you have physical access. Anyone competent enough to run a large network should be able to do it.
Ive had many network/system admin jobs ranging from schools and university to international corporations and one thing is constant, extremely small, extremely underfunded and under supported IT teams for the amount of systems in use. Universally IT has been seen as a cost nothing more, 3 people in an entire company understand how/why it works. Its the absolute shortsightedness of (in particular) western business, if it doesn't turn a profit its worthless. I'd say at least 90% of my employers truly believe its a job that any monkey can do. i used to think this was a problem with your typical 3 letter asshat in charge but i have recently come to a much scarier conclusion, its a symptom of modern mans outright refusal to learn anything they don't already know. my last two jobs in particular "IT" WAS the company/College. Modern business is so heavily leveraged into it that yes i would say the admins were more important than the chief execs. People are starting to think admins have to much control but on the contrary i believe the majority of company's are unbelievable lucky to have people willing to keep the system afloat considering the respect we get.
Well, Bart, your uncle Arthur used to have a saying: "Shoot 'em all and let God sort 'em out."
I ran into exactly the same situation as Terry Childs in my short time (about two years) working for a municiple organization.
The difference, however, was being more aware of how stupid people are. For one thing... never lock your boss out of the system. Since there were so few IT policies in place prior to me getting there, it gave me quite a bit of leverage (at least early on) toward getting ones in place.
The first thing I did was change the top-level account password. The password I changed it to was completely meaningless gibberish, which was written down onto a piece of paper and placed into a sealed envelope, which was entrusted into the care of the CIO-equivalent position. I told him it was for emergency use only, and it needed to be treated as the most important piece of information he had... which it was, in the practical point of view. In my time there, it was never used.
Afterward, there was a lot of whining and moaning about people who wanted access... so I got to work on logging. All changes were logged, so accountability was in place (at least, as good as it could be. I kinda made it seem like far more than it was), and all specified people were given special administrator accounts (I detest elevating access on a person's everyday use account). From what I recall, none of those people ever used the accounts they had whined so hard to get, because they knew their activities would be logged (although honestly, not logged as much as I explained to them, but that was for everyone's good).
The problem with many of these people was that they viewed the network as a toy which they could play around with to learn... whereas myself and the qualified staff viewed it as a crucially important business asset which needed to work no matter what. So scaring the tinkers by making them know they would be held accountable for any stupidity on their part made them content to only mess up their own work PCs, rather than the network.
It's amazing what a great deterant accountability is!
After reading the REAL story of Terry Childs, it was hard not to feel sympathy for him. Municiple organizations don't really take many things seriously, and don't have many people who have worked in "real", private sector, IT jobs. Many are either right out of college, transfers from other (non-technical) departments, etc, people who don't really view IT as their career, or do but have no experience working in an enterprise IT environment.
The things he was doing are typically managed by an entire department... and that's often the case in public sector IT. I would LIKE their departments to be run the same as a normal enterprise IT shop... but when you have to deal with politics, where's just no political will to do so. Governmental IT is viewed as an expense rather than an asset, and generally an expense which they try to spend as little on as possible. The idiotic conservative "SMALLER GUBMENT!!!" lunacy doesn't help either, since all it does is guarantee nothing can ever be done in a proper way.
So while I can sympathize with him... he could have been more politically aware. The people who were asking for access, had they thought they could get fired for screwing something up, likely would have never used that access. They only wanted it because they didn't have it.
Lack of decision making. I was a admin of the network of a small group (~10-20 Persons, 30 Computers) for approx. 6-7 Years. Whenever i asked my boss for a decision, he said: do what you think, even when i just asked him: what data should we backup in an expensive (daily, remote) way, what data should we archive in an expensive (remote, redundant, stored on tapes in the computing center) way?. Also i pointed out one year before i planned to leave that now it would be a good time to whom to transfer the knowledge to - no alarm bells rang. It ended up with me deciding everything over 5-6 years, building the sytem in a time saving (for me) way, because the only external pressure was that i should not use too much time on it. The introduction of the next admin was two afternoons. For the last 1.5 years the system was unmaintained (the new admin said he did not want break anything), and as far as i know my root accounts are still active.....
I'm getting to the point in my network that I'm the only single point of failure.
I'm sorry, Dave, I can't let you do that.
--Your Cisco HAL 9000 Router
IT too much control?!?!?!?! No. I don't think so. I've had enough experience with 'general mangers' using passwords on a whim to 'do what they need to do'. The gates must be guarded by the chosen, and then trusted. -cyberbill79 (login issues)
The system works fine, the people are fucked, and they did it to themselves. He didn't flip out, they fucked with him and he fucked them back.
It was not his system and therefor he had no right. If he did not like the job, he should have found another one. Period. Since you do not allow for the man to be waterboarded briefly to give up the passwords, then he has to go to jail and for a long time. It wasn't his property, his act was one of vandalism and destruction, and quite against the law.
All you people seem to think that you are entitled to something, or have a hand in other people's property, and you don't.
This is my sig.
I had the joy of running IT shops in regulated industries (banking and REITs). Our federal and private auditors made damn sure that we had plenty of logging AND alerting in place. If administrative passwords were changed, or "non-admin" access elevated to "admin" access no fewer than 5 other (high-ranking) people were alerted to the fact via email and text message.
These types of log monitoring and alerting tools are now off the shelf commodities and they work with just about anything that spits out a log of some sort.
The problem with most companies is not too much access - the problem is a lack of checks and balances on that access.
-ted
As a sysadmin I cringe every time I'm asked to give out root sudo to yet another new hire. You have no idea how many comp days I've accumulated (but will never be allowed to use) fixing things that shouldn't have gotten broken simply because some moron thought they could do something better ... and not even tell me. My MO is to ALWAYS make my bosses send me an email instructing me to hand out root sudo privileges over my objections. If they want some idiot to trash the network then they are going to take full responsibility for it ... and I get to use it as blackmail at every review.
Sometimes that can be true because we're talking about places where only one or two people have the skills even if there may be hundreds in the building next door. When you limit the arguement to single companies you typically have a few specialists in different areas where this is precisely the case. Add clueless barbarian management into the mix and you can run into situations where information has to be kept confidential from supervisors and can only be revealed to people of the same speciality, those at the very top of the company or the clients that are paying for things. In my case I had to keep information confidential from my manager because he was leaking it to the client's competitors before the client obtained the information.
However the SF incident is beginning to look a lot like a personality conflict that escalated into the worker witholding information as industrial action against dismissal and then the taxpayer funding the consequences of gross mismanagement.
The information should be kept somewhere in case of problems - it even appears from one article that this was the case in SF but once after threats of disciplinary action from something else it was all removed. Five million bail because a manager is unable to communicate with a worker and has to abuse the criminal justice system to sort out something that should have been dealt with internally and would have been avoided if there had been a fallback person in the first place. No matter whether Childs was malicious or not this sort of outcome can only occur via mismanagement - somebody else should have been available to cover for things.
This (separation of duties) actually caused us quite a bit of trouble at my last job with a SMB. It was just me and my boss, and per SOX requirements since my boss was the IT Manager (i.e. approval authority) he wasn't allowed to have any admin passwords! One suggested solution was to keep someone trustworthy FROM ANOTHER DEPARTMENT in the loop on admin accounts. Unfortunately, since the IT systems encompassed material from all departments, this would also be a conflict of interests per SOX. So we just crossed our fingers and hoped I didn't get 'hit by a bus'.