Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Networking IT

SF Not an Exception In Giving IT Too Much Control 245

CWmike writes "The city of San Francisco's IT department is certainly not the exception when it comes to allowing just one person to have unfettered rights to make password and configuration changes to networks and enterprise systems. In fact, it's a situation fairly common in many organizations — especially small to medium-size ones, IT managers and others cautioned in the wake of the recent Terry Childs incident."
This discussion has been archived. No new comments can be posted.

SF Not an Exception In Giving IT Too Much Control

Comments Filter:
  • God complex (Score:5, Funny)

    by daveywest ( 937112 ) on Friday July 25, 2008 @01:46PM (#24339323)
    What was it they said in the 80's about the most common admin passwords?
    • by pwnies ( 1034518 ) * <j@jjcm.org> on Friday July 25, 2008 @01:48PM (#24339353) Homepage Journal
      "1, 2, 3, 4, 5...the kind of thing an idiot would have on his luggage"
      -Spaceballs, 1987.
      • by oodaloop ( 1229816 ) on Friday July 25, 2008 @01:53PM (#24339427)
        That is the combination to my luggage, you insensitive clod!
        • Re:God complex (Score:5, Insightful)

          by ShieldW0lf ( 601553 ) on Friday July 25, 2008 @02:03PM (#24339585) Journal

          The subject of the article is about one central admin having too much control over too many machines, and the risks that entails when they go bad.

          Which makes a person wonder... how much worse when billions of consumers are giving total control over all their machines to a centralized authority through Trusted Computing and Vista?

          I mean, what happens when Microsoft goes bad?

          • When?
          • Hmmm, What were the 80s and 90s like?
          • by Panaqqa ( 927615 ) *
            Uh, what do you mean WHEN Microsoft goes bad?
          • Re:God complex (Score:5, Insightful)

            by smooth wombat ( 796938 ) on Friday July 25, 2008 @02:41PM (#24340165) Journal

            and the risks that entails when they go bad.

            It's not just when they go bad. What happens if they get run over by a bus or a stampede of wildebeests? If they are the only person to know the admin passwords, commands, etc, they are the single point of failure, regardless if they go bad or not.

            Just as we harp on backing up our files (um, yeah), we also need to harp on a backup for the admin. There should always be someone else, even if it's the mayor, who also has the list of admin passwords.

            • Re:God complex (Score:5, Insightful)

              by JCSoRocks ( 1142053 ) on Friday July 25, 2008 @03:31PM (#24340879)
              I use the bus example pretty regularly. It's the same reason that I expect documentation for everything. Is writing documentation fun? no. Is it necessary? Perhaps not... but does it save days, or possibly weeks from being wasted? Yes.

              As far as I'm concerned... passwords are just the beginning. Configurations and such can also be a nightmare to replicate when they're undocumented. Ever stepped into a project where they only guy working on it is gone and you have to figure out how to setup your machine / development environment just to get it to run? It's awful. All of the "don't install that patch, it ruins everything" or "you have to install these components in this order so that they don't interfere with one another" is gone and you have a horrific puzzle before you.
              • Re:God complex (Score:4, Insightful)

                by Vancorps ( 746090 ) on Friday July 25, 2008 @04:05PM (#24341469)

                I came into the same philosophy as you a few years ago when I was in the position where I took over a network that was completely undocumented. Now I have Visio diagrams and written explanations of almost everything including a complete inventory of what I have on what network at each site.

                I started it with the idea of the bus principle but I've come to rely on it myself as I'm the only admin and so I often have parts of the network I don't touch for a year at a time. This means I forget how things are put together so I refer back to my own documentation. Works every time.

            • Re:God complex (Score:4, Interesting)

              by Vancorps ( 746090 ) on Friday July 25, 2008 @04:02PM (#24341425)

              Ya know, I would kill to have another person around with the same skillset that I have but it just ain't gonna happen. Periodically I print out a report of all my passwords and lock them in the safe of the CFO. That way if another admin comes in because I got run over by a bus or more likely in my case, got in a horrid car wreck going well into the triple digits he or she can read my documentation and gain access to the system.

              Not the best solution but it works since they refuse to hire me help even though I am way overworked increasing the likelihood I will kill myself traveling to and from work at all hours.

              • Re: (Score:3, Interesting)

                by moxley ( 895517 )

                This is exactly what I do too - only, in addition to passwords the document is about 4 pages long and lays out everything someone coming in from the outside would need to know to run our network and servers. It is kept in the safe of our Managing Director.

                I think a lot of people just don't understand this Terry Childs story. I know a lot of situations like this where one person in IT has all of the administrative control.

                I feel for the guy, and think that, possibly, there may even be more to the story. I am

                • Re: (Score:3, Insightful)

                  by Vancorps ( 746090 )

                  Yeah, I imagine he was aware of a lot more than most other people as admins usually are. I know that I have much more information about the company and how it operates along with its goals than I necessarily need to do my job but it's the nature of trust.

                  You have to be able to trust your admin so you should treat them accordingly. That is the first mistake of most employers these days. They treat everyone like dirt including the people that can burn them really badly because they don't understand how much

          • Re: (Score:3, Insightful)

            by TRRosen ( 720617 )
            Unfortunately this article is about one periphery admin that had control over only a few routers. The rest has been made up by the city and the media.
          • Re: (Score:3, Insightful)

            by wealthychef ( 584778 ) *
            This is all a red herring. Any administrator has sufficient privs to block out all other admins should he/she want to. So even if you give the password to five people, it doesn't help, unless I'm missing something.
    • Re: (Score:3, Interesting)

      by Z00L00K ( 682162 )

      Now - it is also important to understand that the IT department isn't some fringe function of a company that can be handled and accessed at will, it is today the backbone of many organizations and as important as the accounting division but much more complex.

      This means that you must have a reasonable way of handling the IT department. But it is also necessary to check that a single person can block the whole solution. The latter is virtually impossible to resolve since physical access to servers will allow

  • by pwnies ( 1034518 ) * <j@jjcm.org> on Friday July 25, 2008 @01:46PM (#24339325) Homepage Journal
    I really think this type of thing is inevitable with this high level of a network admin. There comes a point where the complexity of the network you manage means that you simply can't report all the inner details and workings to a manager or overseer. Not only that, but with the speed that computers advance, hardware becomes obsolete within a decade, and new talent often times wont have knowledge/capabilities/will to deal with the older hardware that builds up in operations such as these.

    Sadly I think the only thing one can do with things this size, is appoint someone and pray he isn't chaotic evil.
    • by The Warlock ( 701535 ) on Friday July 25, 2008 @01:52PM (#24339391)

      No, that doesn't work. What if, instead of just refusing to divulge the password, Childs had shot himself in the head or gotten hit by a bus or something. He locked down his network so well that only through a password that was only in his head could anyone have admin access.

      • by Aphoxema ( 1088507 ) on Friday July 25, 2008 @01:57PM (#24339473) Journal

        While more people should have had access to the network were it ever really needed, sometimes the only really efficient way to take care of a really intricate and dedicated task is to have one person do it all.

        He certainly could have been more responsible about it though and prepared assistants to understand exactly how it worked, but who knows, maybe he really was trying to document his system for others but management got in the way of anything productive. That's what management's for, right?

        • Well, at my job management stays the fuck out of the way.

          This may be less productive in the long run. For example, I'm posting on Slashdot right now.

          But the fact is, when you have a complicated system, you need to make sure that more than one person understands it. Sure, in this case it was done with malice aforethought, but a situation where Childs got hit by a bus the day before he would have otherwise locked everyone else out is not hard to imagine.

        • by MightyMartian ( 840721 ) on Friday July 25, 2008 @02:27PM (#24339945) Journal

          This whole "I'm unique and a genius and only through my incredible mental powers does this network keep running" schtick was idiotic long before the lunatic out SF decided that he was God of the Network and beyond any of the Powers that Be. Yes, it's true that complex networks can be tough to explain, and yes, I can well understand why the architect of a network might not want someone else screwing with the configs, but come on, at least a few of us have been faced with having to untangle a complex network config. For the most part, I find the really complex ones I've had to deal with were more due to a distinct lack of ability rather than because the guy was some supergenius. Make some decent network diagrams with good descriptions of what various routers, servers, etc. do, and a reasonably well-trained and/or experienced network guy will likely be able to figure it out. It might be painful at points, and if the old guy is truly gone (rotting in prison because he's a narcissistic wanker or because he got hit by a bus) it might take some work, but providing the configurations aren't some sort of spaghetti routing tables, it should be reasonably possible to pick it all up.

          I'm sometimes wonder whether guys like Childs are more hiding their own inadequacies than trying to protect the network from incompetents. I've done a few configs that I've been a little embarassed about, but because of time constraints I went with the flow and hoped either it would stay working or that I'd get a chance further down the road to clean things up.

          At any rate, I think it's the head of any IT department's job, implicit in that very position, that the network architecture have some documentation, and that things not just be stored in one's cranium.

          • Re: (Score:3, Informative)

            by jellomizer ( 103300 )

            Luckily these people are becoming less and less common. Why?

            Bosses are getting smarter. Some of the bosses actually come from an IT background and know what is going on.

            Computers are common. People even Non-IT people are use to using computers, and have a general high level idea what is going on.

            SOX and ISO documentation is part of the job now not just a nice to have.

            Global Competition, Big fishes in small ponds have been tossed into the ocean. Are you sure you are smarter then everyone else.

            Saying it can't

            • Childs was arguably the smartest technical person willing to work for SF; outsourcing isn't really an option with him.
            • Re: (Score:3, Informative)

              by Bandman ( 86149 )

              If something can't be done (by you) and it needs to be done, then what's wrong with bringing in a consultant?

              You're not in competition with the guy, he's an expert at whatever you're hiring him for, not to do your job.

              When you hire the consultant, just make sure he's not the kind who works behind a closed door. You're paying him to share information with you too, so that you can do general administration on the subject later

          • Re: (Score:3, Interesting)

            by jackspenn ( 682188 )
            I know what you are saying, but I don't blame Childs, I blame city workers who out of their own laziness let him do/control everything.

            I mean think about it, do you think that there was just one person hired in all of SF to manage the network? Exactly, there were people getting paid and not producing. People giving up their freedom in return for promises of stuff without effort. (AKA socialists, communists, freeloaders, hippies,but not all hippies, some of my hippie friends are cool, etc.)

            Those are
          • Re: (Score:3, Interesting)

            by Burning1 ( 204959 )

            Exactly!

            I learned a long time ago that there is more value in producing a simple, robust, reliable, and reproducible environment than spending all my time and energy milking 10% more out of a configuration that no one else will be able to understand or maintain.

            If your system is so complex that someone of half your ability couldn't be trained to maintain or operate it it, you are incompetent. Experience is knowing the best way to support the long term goals of your environment. Experience is not about being

        • And by SOX separation of duties, only certain people are allowed to know/do certain things.

          Childs having the only password protects against someone else screwing with logs or data.

          Hmmm.. 1 bad incident of a bad admin that was minorly costly and annoying vs numerous incidents that have cost billions of dollars where executives had the data changed.

        • by why-is-it ( 318134 ) on Friday July 25, 2008 @04:53PM (#24342165) Homepage Journal

          While more people should have had access to the network were it ever really needed, sometimes the only really efficient way to take care of a really intricate and dedicated task is to have one person do it all.

          I do not agree, but even if what you say is true, that just goes to show that efficiency isn't everything!

          In the enterprise space, it simply isn't possible to have one person design, implement and operate a non-trivial environment. There aren't enough hours in the day to do all that is required, and I (for one) would like to have a bit of free time - even if all I do with it is sit in front of my playstation.

          If the work is so complicated and the deadlines so tight that only one person can pull it off, the project is a disaster waiting to happen. Truly competent technical staff would be the first to escalate that situation to management, rather than indulge their inner megalomaniac and try to do it all solo.

          I think we nerds tend to focus on the really cool technology so much that we fail to see the big picture. When you step back a moment, and put it all into perspective, it does not matter if I work 7x24x365 to complete a really complex project on my own. It _really_ does not matter if the design is incredibly elegant, the implementation flawless, and the cut-over into production goes as smooth as silk if one mis-step in front of a speeding bus renders the whole thing an unsupported mess the first time it breaks.

          While some might mourn my passing, the lack of documentation and shared knowledge and experience will have reduced all of my heroic efforts to a complete and utter waste of time.

          My obligation to my employer isn't to hoard knowledge and information to myself - it is to share that knowledge and information with the other members of my department. If I bring everyone else up to speed, I can have a few week-ends to myself because even the most junior member of the team can step up and help resolve problems if the knowledge base and procedures are thorough and well-documented.

          Coming from that perspective, I am unable to find much sympathy for Childs or his former employer. Both have demonstrated extraordinarily poor judgment and are paying the consequences for their lack of professionalism.

          (I have to say though, I'm not sure Childs deserves to be in jail, or face such an absurdly high bail amount.)

          maybe he really was trying to document his system for others but management got in the way of anything productive. That's what management's for, right?

          We nerds tend to interpret "productive" differently than management does. I'm sure most would agree that sitting in front of the keyboard actually doing UNIX-related work qualifies as productive. Management might place a higher priority on documentation, or training other team members as equally if not more productive tasks.

          I work in a large enterprise environment and most of my time is not spent at the command line. Most of it is spend communicating with other departments, with my own department, with project teams I have been assigned to, with various levels of management, and with vendors. While I would not have thought so at the beginning of my career, I now see that effective communication skills (which includes listening to others) plays a greater role in being successful at my job than what I do at the command line.

      • Re: (Score:3, Insightful)

        by geogob ( 569250 )
        While I was managing servers and network equipment for a small organization, I was for a very long period of time the only one to possess the low level access password for the equipment I managed. At the time, I was the only person responsible for all IT related affairs and I did not feel anyone else in the organization had the technical knowledge and integrity to posses these access.

        On the other hand, all these access and relevant documentation was sealed and under lock with the instruction only to be re
      • There needs to be a recovery plan in place, but it's often not practical to have complete redundancy of the "the sysadmin is dead long live the sysadmin" variety.

        As long as the system is stable and there is a process for succession of admins, thats about as good as it gets. And there will be "gotcha!" moments, and crap like that, but that is true with all IT gigs.

      • Have two vaults. Different locations. In vault is a file cabinet. Each system which requires unique passwords has it's own file. The file is secured so that it has to be opened and proof of that occurring must be evident. Access to the vaults are recorded.

        We always joked about someone getting hit by a bus and suddenly dieing with the admin passwords to their system in their head. Well, it wasn't a bus, but it happened. We had such vaults and we had admin access which allowed us to reset other admin

    • Re: (Score:2, Funny)

      by Wiarumas ( 919682 )
      One Word: Skynet

      Singularity ftw.
    • "...and pray he isn't chaotic evil."

      well, at least there's an 8 out of 9 chance that's the case.

    • by hurfy ( 735314 )

      lol, our little company doesn't even have anyone else that write basic reports in our sucky report writer much less anything more advanced :(

      On the other hand there are no complicated networking stuff (not handled by contract on the main system) or anything so complicated someone couldn't fix or replace it all.

      At least being the boss' son and set to inherit it fairly soon there is no threat of me going rogue :)

  • ...you're doing it wrong.

  • I mean, really. What do we have now? The guy loses control, flips out, locks everyone out of the system, they are down for who knows how long as they bring in crackers and consultants and what not, and the guy goes to jail.

    But...

    If you just waterboard the guy, until he coughs up the password, the system's not down for really any longer than it takes a Windows Update to screw everything up, so you can just let the guy who locked you out walk, instead of putting him in jail or prison for who knows how long.

    Waterboard in this case would be simpler, safer, and better for everyone.

    • One reason for not using torture to gather information is that the information gathered is typically unreliable. That is people will say anything to make the pain stop, regardless of whether it is true or false.

      For password retrieval, where it is simple to verify the truthfulness of the response, that reason doesn't apply. So, I think your proposal has merit.

      Remind me never to take a sysadmin job. :)

    • And the best part? Cracking could be illegal, according to the DCMA. Waterboarding? Its legal!
    • Actually he did not do any damage and left the system in a safe state. Since there was no damage done, SF has no claim against him.
      • by jeiler ( 1106393 )

        Actually he did not do any damage and left the system in a safe state.

        A system that is one power-blink away from catastrophic failure with recovery specifically disabled is not in a "safe state." Though I quite accept that Childs was not malicious, he still screwed the pooch.

        • The system had been like that for quite some time; it's reasonable considering the level of physical security in branch offices.
      • Making it impossible to manage should something go wrong *is* a sort of damage, albeit intangible.

    • I mean, really. What do we have now? The guy loses control, flips out, locks everyone out of the system, they are down for who knows how long as they bring in crackers and consultants and what not, and the guy goes to jail.

      You should read the articles. It sounds like the Terry Childs's security policy, which his superiors and co-workers all knew about for a while, was to lock everyone except himself out of the routers. The city later hired a security officer, who pointed out the obvious risks in having one guy with all the passwords, so management pressed Terry for the passwords. Terry, thinking that management (or other incompetent fools) planned to do stupid things that would break the network, refused, and management th

  • by Harmonious Botch ( 921977 ) * on Friday July 25, 2008 @01:48PM (#24339351) Homepage Journal

    I forget who said that "an elephant is a mouse designed by a committee." Sure, you can get paranoid about network design and control, and give the job to a committee. But that is going to be really clumsy.

    The issue here really is not about size of the design team, it is about vetting the guy who does it. ( The guy who is in charge of the network for my business is someone who I really know and trust. He was best man at my wedding. )

    • by Spad ( 470073 ) <[slashdot] [at] [spad.co.uk]> on Friday July 25, 2008 @02:01PM (#24339553) Homepage

      So he's going to change all your passwords *and* run off with your wife?

    • The issue here really is not about size of the design team, it is about vetting the guy who does it. ( The guy who is in charge of the network for my business is someone who I really know and trust. He was best man at my wedding. )

      What happens when he is hit by a big red bus?

      • What happens when he is hit by a big red bus?

        I do think that may be a valid crossover point. IE my company provides life insurance of 2.5x salary. The IT I take care of (not my main job, but I am the only IT guy) could be completely re-done in a week for significantly less than 1x my annual salary, plus downtime of 0.5X my salary.

        Therefore if the death of the friend, and associated costs, is significantly higher than the cost of replacing the current un-documented work. Then that scenario shouldn't weig

    • That's hardly a qualifier. It's not like your best man is holding the rope to keep you from falling into molten lava. My brother was my best man, but that doesn't mean I'll trust him with my money or lively hood.

      • It's not like your best man is holding the rope to keep you from falling into molten lava.

        The guy got married! Clearly, the best man wasn't holding the rope right. :)

    • by Zadaz ( 950521 )

      Now I have to get married to find an employee worth trusting?

    • by B5_geek ( 638928 )

      "an elephant is a mouse designed by a committee."

      The actual quote is: "A camel is a horse designed by a committee." And http://en.wikipedia.org/wiki/Design_by_committee [wikipedia.org] Wiki attributes it to Vogue.

    • I forget who said that "an elephant is a mouse designed by a committee." Sure, you can get paranoid about network design and control, and give the job to a committee. But that is going to be really clumsy.

      It depends on how the committee is set up. If the committee only has to sign off that they understand what the person is doing, could take over if necessary, and the person is not capable of being really evil (technically restricted from it), but not that the solution is well-designed or state of the art,

    • Re: (Score:3, Insightful)

      It's about having the guy who knows everything to document it all.

      I used to be that guy who knew the entire project. I thought it was crucial for me to know everything, so I remembered everything. All the minutiae, I knew back and forth. No single person on the team had that breadth of knowledge. Thus, I was working all the time.

      Then I started to document everything in memos. I sent them around. I recorded everything. It took a whole bunch of time, but it was the best investment ever. I could delegate my w

  • "Childs, an employee working for San Francisco's IT department, used his privileged access to lock everyone out of a crucial network for days."

    I wonder if it wasn't an intentional lockout, instead someone realized all of a sudden that Childs was numero uno and saying "GIVE ME THE CODES NOW!" and when he didn't someone had a hissy fit and took things very far very quickly instead of competently sitting down and talking with Childs fairly.

    • by SQLGuru ( 980662 )

      Did you not read any of the articles? Oh, wait, I'm on /. Basically the guy sees the writing on the wall and includes the password equivalent of a dead-man's switch......switch goes off and he's the only one with a key.

      Layne

      • Basically the guy sees the writing on the wall and includes the password equivalent of a dead-man's switch.

        Not according to insiders. He had *always* had the routers configured to clear when someone tried to guess the password, long before any of this started. Why he did this, I don't know... it seems extreme to me but for some networks it's probably appropriate... it IS a standard configuration in the routers. It sounds like someone or something convinced him that this was "best practices" for security, so

        • Maybe just almost-rational paranoia to keep someone from breaking into the network at some location to get confidential information... even though if someone has physical access to the router they've already gotten close enough.

    • by The Second Horseman ( 121958 ) on Friday July 25, 2008 @03:25PM (#24340779)

      Supposedly that's it, according to some of the articles. He thought a lot of the others were screw-ups, so he kept access to himself. Everyone seemed to know it, as well, right up to the top of the IT organization. A new security person was hired, and that person didn't like the situation (may have come up during some sort of review). They made a point of asking him for the passwords, which he interpreted as "hey, we want to screw up the network - you know, the one you feel really possessive about" and refused. Didn't seem to recognize the authority of whoever delivered the message (don't know if it was the new security person or not). They then sent the police after the apparent master criminal.

      Also, while they couldn't make configuration changes (that's what "locked out" meant apparently), the network continued to run, even without his intervention. So he might've been a doofus about this issue, and for all I know a total jerk with no people skills, but it sounds like (crazy access issue aside) he knew his job pretty well.

      I suspect the new security person (who for all we know is more of a policy person than a technical person) handled it badly on their end as well, and may have gone for a club (formal meetings, demands) when a lunch conversation might've done the trick. The guy shouldn't have held onto exclusive access, but it sounds like the security person didn't handle it well. Apparently, that individual now fears for their safety, which I suspect is either an overreaction or a further attempt to demonize Childs to make it seem like whatever actions taken are justified.

  • Not news to nerds (Score:5, Informative)

    by iamhigh ( 1252742 ) * on Friday July 25, 2008 @01:52PM (#24339401)
    They claim that you should have more than one person that knows the password and configuation of the network. I work mainly in small-mid sized business; I have never heard of only one person knowing the password. In fact, the smaller the business, the more the owner wants to know the password (IME). Generally IT doesn't want $random_user to have the admin passwords. Also, everyone that has them is another person that can potentially "lock down" the system (see third para).

    The configuration? Well I am not real sure what they mean? Basic configs such as IP addreses and such have been documented at even the shoddiest implementations I have seen. Plus, if you know how to run that server, you probably know or can find and make changes to the "configuration". But if there is only one person at that company that knows that server/technology, well then there is probably only one person that knows the configuation! What should the accounting manager know how to run our servers?

    But the bigger issue is that in a SMB, and in my current positions, I could CHANGE THE PASSWORD!!! Doh, they forgot that you can do that!

    TFA goes on to say things about hiring an administrator and then an auditor for the admin. WTF? Never heard of this happening in my career. I do know the military uses these methods, but that makes sense for them. The average sign printing company (even a 200 employee company) can't do that.

    TFA highlights a situation that we all knew existed... and didn't even give a (reasonable) proposed solution.
    • Re: (Score:2, Informative)

      by GSMacLean ( 1333075 )

      It happens. I was called in to try to rescue a small web shop's hosting business. The hosting business was a side business of the web design shop, with two web servers, a database server, and a mail server. All the hosting stuff was run by one guy, he was the only one who knew the passwords, and they unfortunately went with him when he died on the operating table. Five months later, when the increasingly unpatched servers started falling victim to attacks, they called me to try to fix the mess. Of course th

  • by mrroot ( 543673 ) on Friday July 25, 2008 @01:53PM (#24339415)
    When you have already laid off everyone and downsized your IT department to so few employees, its kind of hard to avoid having a single person with so much power.
    • by Nymz ( 905908 ) on Friday July 25, 2008 @02:32PM (#24340025) Journal
      Everyone knows the name of Terry Childs, but how many people know the name of the manager(s) in charge, the ones responsible (or negligent) for letting this situation continue until it got to this point.

      "You asked for it, you got it." and you are spot on because if they don't correctly assess this current situation, and assign blame to the deserving names, then they are only 'asking for it' to happen again and again.
    • Indeed.

      And... you wanna' know the best way to lose all your data and not no how it disappeared:
      Be careless with who you give you passwords to.

      Reminds me of a conversation I had with one of my ex-bosses:
      ME: I have complete access to everything on our network.
      BOSS: Then what keeps you from reading my e-mai?
      ME: Ethics.

      Unethical people do unethical things... this isn't an I.T. issue, it's an H.R. issue.

      I've always been the one or one of the very few people with omnipotent access of every system in the companies

  • by markov_chain ( 202465 ) on Friday July 25, 2008 @01:54PM (#24339431)

    Cisco should start selling Childs-proof routers! *rimshot*

  • Business Mad Libs (Score:3, Insightful)

    by bill_mcgonigle ( 4333 ) * on Friday July 25, 2008 @01:57PM (#24339469) Homepage Journal

    Yes, this is prevalent. Unfortunately, no, it has precious little to do with IT.

    This quote from TFA is quite true, but universally so. Let's play Business Mad Libs:

    "Single points of failure are always bad," said John Pescatore,
    an analyst at Gartner Inc. "There should never be one person who is
    the only person who knows ____ MISSION CRITICAL INFORMATION ____."
    Companies need to make sure there are at least two if not three people
    who share the knowledge of ____ BUSINESS PROCESS______. "As a minimum,
    require it to be documented and stored somewhere if personnel
    limitations say you can't have personnel with overlap," Pescatore said.

    Have fun playing the accounting, regulatory, legal, and R&D versions, just for warm-up.

    Now, if the business managers weren't smart enough to either know this applied to IT as well as their other divisions, or not smart enough to not recognize that that they needed outside advice on how to apply business rules to IT - well, you have to wonder how well the other parts of their businesses are running.

  • This is silly (Score:5, Insightful)

    by peipas ( 809350 ) on Friday July 25, 2008 @02:01PM (#24339541)

    Of course there will be people in IT who have power, and of course that power can be abused.

    Somebody at a television network has the power to broadcast rocking horse porn if they want to as well and there is no time machine to unrock that horse.

    The articles hypes up one person being able to abuse power as if it were unique to IT and suggests a remedy that more than one person should have this power, as if this had any bearing on anything, e.g. the ability for the abuser to simply revoke access to others. What, somebody else should be assigned the exclusive ability to revoke? Then that person is the potential abuser. This is silly.

  • What "incident"?? (Score:5, Insightful)

    by Jane Q. Public ( 1010737 ) on Friday July 25, 2008 @02:01PM (#24339551)
    Apparently, a bunch of idiot managers realized all of a sudden that they had GIVEN one person control over a major network, and tried to seize back control. Also apparently, he did not trust them to keep it running properly. (And also apparently, rightly so.)

    So where is the "incident"?? What did he do wrong?

    By law he might have done "wrong" by not relinquishing the passwords immediately. But by the people of San Francisco, he may have saved them a lot of trouble and headaches. So, he was faced with a dilemma: obey the law, or do the right thing.

    Sad.
  • by Shaitan Apistos ( 1104613 ) on Friday July 25, 2008 @02:02PM (#24339569)

    Whenever I register for a site where my email address is my username, the password I use happens to be the same password that I use for my email account.

    With that in mind, I'm going to go ahead and not express any opinions on security.

  • You say potato... (Score:3, Insightful)

    by mweather ( 1089505 ) on Friday July 25, 2008 @02:03PM (#24339591)
    You call it dangerous, I call it job security.
  • by ZonkerWilliam ( 953437 ) * on Friday July 25, 2008 @02:05PM (#24339623) Journal
    It's called Seperation of Duties [wikipedia.org].
  • HA! (Score:5, Interesting)

    by Splab ( 574204 ) on Friday July 25, 2008 @02:13PM (#24339739)

    As if it's ITs fault. Most companies I've worked at I have pointed this very situation out and usually get overruled based on the cost of doing it "right".

    (It isn't enough to have several people with the password, you need to know how to recover if you lose total communication with the guy responsible - ig. died.)

    Also it isn't just IT. Last months pay got delayed at my company, which really shouldn't happen since KPMG is responsible for taking care of payments for our company. The reason? The lady responsible for authorizing the transfer was the only one with the passwords to do so, and she was in labor.

    • Replacements? (Score:3, Interesting)

      by phorm ( 591458 )

      I know people in various industries who consider obscure hacks, lack of documentation, etc "job security."

      To me, being the guy who can do it all is great for job security, but the flip-side is that if you're the *only* guy that can handle things... sure, you're semi-irreplacable, but that applies equally to being fired as when you want to take a day off or holiday. Personally, I prefer work-competence as a reason for not being fired, and documentation/standardization as a way to ensure that somebody else ca

  • by jackspenn ( 682188 ) on Friday July 25, 2008 @02:18PM (#24339817)
    Some people on /. think it is best to have one knowledgeable person with all the information so that confidential information is not leaked or changes made without the lead guy being aware.

    Others think of the bus rule, what happens if the guy who knows everything about mission critical infrastructure components gets hit by a bus?

    That is why I have taken a page from the Sith Lord Darth Bane and apply the rule of two. When I build a network I teach and train one apprentice. Then if they suck I fire them and hire a replacement, but if they are good, when I get bored and decided to move on, I feel confident they can take on a apprentice themselves.

    It is neat, clean and simple, better still it doesn't have the rules and complexity of Jedi type systems requiring me to check in docs to a source control system, report changes to managers what don't understand, have managers that don't understand sign-off on things they don't understand and avoid dumb rules like not being able to train techs that appear to old, etc.

    Yeh, if you ask me the Republic, I mean Network as a whole is best off with Sith types in charge versus bureaucratic Jedi types.
    • I have given out our "master" passoword, and I don't understand what the problem is with other people doing it. The President has 1/3 of the password, the HR director has 1/3, and the lawyer has 1/3, all locked in seperate fireproof safes, in seperate buildings. If things really go bad, or I get hit by a truck, the three of them can get together, and get the password, and give it to my replacement...

  • by 99luftballon ( 838486 ) on Friday July 25, 2008 @02:18PM (#24339823)
    The more I see on this case the more I think Childs is being set up as a scapegoat. The guy built the networking side from scratch and it seems management were happy with him running it with sole admin rights. Then a new admin comes in and he freaks out and gets overprotective. And a $5 million bail? Murderers don't get that much.
  • ...take five minutes to learn enough about the system to notice when something's going wrong? Anybody who has access to a big, important system like this has power. The problems arise when only one person knows enough about what he's doing to actually use it.
  • Has anybody else noticed that these reports of gross IT mis-management are almost always government related?

    I think there was another story on slashdot, a while back about some guy who accidentally deleted one billion dollars worth of records, and there was no backup. When I was in Florida, there was some scandal about the state spending millions on this new welfare computer system, and the entire thing was borked, so they hired the same company to fix it, and the company borked it again.

    Sure, we laugh at t

    • Re: (Score:3, Insightful)

      by Shados ( 741919 )

      Thats because only the government related ones concern the public. This stuff happens all the time in the private sector. However, private companies can die, the government cannot (as much as some people around here would like it to)

  • The administrators *need* access to the highest level of security. Maybe software and operating systems as a whole need to be rebuilt in the shape of a military complex where sensitive access does not have to be granted to the builders.

    But, hey, even the builders see the vaults before they are used.

  • This is a question of management not hiring enough people to do things right. What happens if the one guy who knows everything goes on vacation? If he never went on vacation, no one would say boo because, in our warped culture, having a desire to do anything but work around the clock is somehow abnormal.

  • by phorm ( 591458 ) on Friday July 25, 2008 @02:36PM (#24340103) Journal

    Seems to me that in many cases, the IT department may be rather grossly understaffed (either in terms of # of staff, or # of experienced staff).

    Many places I've worked end up with a Lord-of-all-IT situation simply because they haven't got anyone who can replace him* or back him up, or weren't willing to pay for backup/additional/experienced staff.

    * male gender used for convenience purposes.

  • by mlwmohawk ( 801821 ) on Friday July 25, 2008 @02:39PM (#24340143)

    One of my first jobs was a bank teller. Our passwords were sealed in an envelop, which we initialed, and locked in a vault which needed two keys to open.

    If the two officers needed my password, they'd open the vault, open the envelope, breaking my seal (letting me off the hook of responsibility).

    IT has to learn from banks.

    • Re: (Score:3, Insightful)

      by AeroIllini ( 726211 )

      The problem was not that he was the only one with access, although that is an issue in small IT departments. No, the problem was that he had enough access to change all the other administrators' passwords. Lots of people had access to the systems, and there were probably procedures in place to name a successor in the event that Childs was fired or hit by a bus. Instead, Childs changed everyone else's password and locked them out.

      The only way to protect against that type of an attack is to make the Administr

  • by Schraegstrichpunkt ( 931443 ) on Friday July 25, 2008 @02:45PM (#24340257) Homepage

    It really depends on who the "one person" is. Committees rarely design good crypto algorithms or protocols, for example. On the other hand, if you just pick the "one person" at random, you risk picking the wrong person.

    I guess it's sort of like picking a dictator. If you pick the right person, and hold that person accountable, they will get things done more efficiently than a committee. If you pick the wrong person, they will get the wrong things done more efficiently than a committee.

  • Duh (Score:3, Interesting)

    by giminy ( 94188 ) on Friday July 25, 2008 @06:25PM (#24343389) Homepage Journal

    I've written this one before.

    When you have IT people, they're going to have control of your IT infrastructure. Sorry, but there's not much you can do about that. They need access to your data and your equipment to do the job that you want them to do. You'd better find trustworthy people.

    This is kind of like complaining, "I have a chaffeur, but I'm nervous that he might go crazy some day and drive me off a bridge, or head-on into a semi." Yes, that is a risk that you'd face by having a driver. And I'm sorry, but no amount of technology gobbledy-gook is going to prevent disaster if your driver does, indeed go crazy.

    You face risks whenever you have someone do something for you -- that they might do it wrong, or that they might try to screw you. You're giving them control of some portion of your life. If you're not okay with that, or you don't trust the person that you've hired, you'd better rethink whether you're in the right business...

If you can't get your work done in the first 24 hours, work nights.

Working...