|
|
|
What if You Fell Through a Manhole?
By: Larry Seltzer
2008-07-20
Article Rating:  / 14
There are 6 user comments on this Network Security & Hardware story.
Having only one person with critical knowledge in an organization is an inherently dangerous situation. You don't need malice for it to blow up.The most striking fact about the San Francisco network lock out case has been the absence of details that would allow an informed outsider to say "Oh, that's what's going on." We've been left mostly with vague accounts from spokespeople.
But one thing must be true of this incident: Administrative controls in San Francisco government IT were inadequate. You don't need to imagine a rogue administrator; whether this is such a case or not, in order to know that better controls are necessary. What if Terry Childs had fallen through a manhole, been hit by a car, or ate some bad tomatoes. If critical information exists only in the brain of one person, that person is a disaster waiting to happen.
I had early exposure to this problem. A week or two before I got laid off from my first job (writing a 4GL product), my boss quizzed me about how well-documented my work was, and he actually asked, "What if you fell through a manhole?" Lucky for him, perhaps not so lucky for me, I had done an excellent job documenting.
IT in a large organization like, for example, a major city government, must be more organized than that. It's clear from the incomplete reports I've read that Terry Childs, the jailed SF admin at the center of the story, was in charge of the city government FiberWAN. He designed and maintained all the FiberWAN routes. He was the only one who had the administrative credentials for it and, for a time, nobody cared. After all, the FiberWAN ran well and Childs was pretty much always available if there was a problem.
If, in fact, the situation existed for months or even longer where Childs was the sole effective administrator of the WAN, with no backup in personnel or documentation, then it's his superiors' fault for letting the situation develop so badly. I've read some talk about how maybe Childs had been listening in on privileged communications, and I suppose he would be in a position to do so. But the news we're getting is almost exclusively from prosecutors and other city officials with no interest in giving Childs' side of the story. You have to be somewhat suspicious of the news.
On the subject of passwords specifically, there are products available to manage access control in such a way that no one person gets this sort of exclusive control. CA Access Control is one example, although it seems focused on host systems. If the credentials in question are over Cisco equipment, as may be the case here, I'm not sure what access control options there are. But at the very worst, there should have been manual human procedures to follow to provide some level of redundancy and division of control.
Of course, if Childs has passwords and is refusing to divulge them, or wants to negotiate for their release, then he should divulge them immediately. It's a bit perplexing to think that anything good could happen for him out of the sort of blackmail that is being described in the press. This means that either Childs is more than a little nuts or we're not getting the whole story (or both). But since that story comes from those who are prosecuting him, why should we expect it to be complete?
Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.
For insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer's blog Cheap Hack
| | Reader Comments: What If You Fell Through A Manhole? | | >>> Post your comment now!
| | access controLike I said in the column, there are products to manage this and ensure that no one person has complete control. Posted At: 07-23-08
By: Larry Seltzer | | | | | | How can we avoid this problem?I would like to know if there is a way to avoid the problem. Suppose we have a normal account A and backup admin account B (another person, login and... Posted At: 07-23-08
By: Roque Mocan | | | | | | Sometimes it works, sometimes not..." What if Seymour got run over by a bus? " was the reason we had TWO design teams at Cray...
Then that B@st@rd John Rollwagen took over..and ran... Posted At: 07-22-08
By: AnEx-Crayon | | | | | | A user comment on this articleAll my documentation is on a network drive, no local hard drives. I have written SOPS on about 50% of my work and I keep tasks documented in our... Posted At: 07-22-08
By: Duane | | | | | | Been there, done goodWell, this is right down my alley. I was hired in at a major electronics retailer back in 1998 to become the point person on the CTI portion of a... Posted At: 07-22-08
By: Blue Goose | | | | | | Controls At Your CompanyHi, I'm Larry Seltzer. What would happen at your company if you fell through a manhole? Posted At: 07-20-08
By: Larry Seltzer | | | | | | >>> Post your comment now! | | | | | |
|
 |
|
|
�������x}r㶲s\@♵M=RJؖ�gRJEĘ"Hʶ~b:?qt�M�Ze2{&-�`�h
F;� IM��ל۔O]sSãw�$5]�2I=*rdz&9%G�jL7�R}f]S� k���kL|N�შ���:':@�.Pk< Z5��35ԗoˏ~e0��.ڎIQ6*6��O��մ�,lZ P8$H.�(
f�wm<"a}# $a��T6O(L|@��ɤ:ģz�r(˺79h4öۼC�ٰo4TiUE9*TR�9?Wcm9��U;�[k\)(e*G����q7�ںs��nm)9x]
Z
sruO}~N�6nx�9vtx/ȯ0wFD_*��QI-�i|/LZ@���/֓P� u/jzQҏZF-_ ԊhGZAAr��Ija�̳|�3�+i�*5$NߒM-~k~>EF,[�sAT4
行Ġ�K`Wk�2^tܜn/9n:MvIs!)|v�!5M0\ܱ8֪V�7`Kk'^�SQ�&�:aZ+U~Fb=jI�o]}<>$7�Yn[䗳9�0omYn_H.T|Y|ěy30si���2)�.ߦI�w[ ���atBjm҄&
�)B�:%uWϝ�5�>Hr
Ca)#8?��%W�i�8�@r5�)6�K .7R<�?o�dz!C�C�Z9nVȨ�U�SA%EI7CD� r23~�B(��PHQ��>�z%Kus7p@WM}rjNTʊ0Wr{gH
.�uƍv"e.ڽ^}�T��364>P�,I�!eݴ%�稫V)b1WJPX=*JMU~�_�q�-~~b2B��c�gLt tA`::)~ҧ#|>5և$!|�e��mxq=Z.3+ЍE��Xn`Nt�&HQp{4�ڭ�m=�K!PI}x�XS9�&z(tH h&r=�kI�ׇ.[??��
;
G`r]�ɝ�5�y0fkwCPb�(���զ�πCρY�\7 >)�@}�>g �)�nвc@�Ѥ7=�Y�K���ܺym&,@�PCb�;*����=�sy�?&4ğ;n'=d���+�Zsξ��
:���j\| �f�L�\?��K��==c"}NxxO��̍ �Ez�.�
�ڀ� ��DrAa T+�\�c¹й�٩'�7]�.��KI:�l��zԘ{BQ�7ߏ90gxWyd��.�3IR-���ʪZ��J:�_�
>玾�2�@.�̇�G>pZ�L�av"O`��%O,p�V�a_ﭡ>]Hk��)2)<:�-�7\U4Uud
XZ 0�X>A,C���Mt��Aj[�,���0ل2
�sDž5��y
֟Cgé�#�Sb_@UR�TʞwZu^��ߜ]pH1�)dQ@4@=]ZRk1o@�n<1ת��
�欭h�+RS�Jb/�86a!,";:Y5P,4gy3is3"k-_M�e�yr�n8z|�Hg\U�p�
"/^���IlLabDhby;@<}誦�C}0�YhRYpg#HY9Vߦs�jz>eV�A=jT�5A70p�Z�c=|&~e�
�&s#�d{���E;`S"�q�ubGymV@'�e�b
z`N���-v�4X�+m�h�.]>:L��h
z47DZ.��s����q�Iv/�W|�`5{~G�
X�>nq)%\.U��i� �{2u9pg埍~ƞnR� X%&ZiL$C�節e�2(Z7MBR%%!fͳ!VA#Ǹ.ɢ6A()xIH�
�9l�)�`�R(S=�Z�TX" .)D`�7ϰ��x;v�.b��MYV>cZ,nAyr�@ݎ�s{�q�m'Yc�.j2~��*A�?0TlʪV�4*ijARCs{@l_z̢tDqh2)iQ}}ōaY�����(yX|u���aEfT.jZ��l[)Uʹ�B!�i�q]C0
H\}PK�(��,�~w9ـo�|\V*Z�쇣d9C�T�`|"@-a'd8��'�l$ /pLa��V*��79o~.RHC+#I ���_�q��n0DB*nLpgGssb^f>A*o����$�/I4]S2��:;_�ݘ`�/ax�m$�Qԕº}wi�IAc[˾tڼ>c.&�~l�?<~u!o���9kwޟ{4{J��-�}U\ڿ��ˇݏ-s|Y^�ٷA��P �K1R#�bw}ɾ3zV^5[{隿F�>;o ���'��r��E}R|I{юy-%{�w;Oz��KC烬�F�!zNfS L
k;d8)@hdjm\8$Ø�/=�^q@چ�Wҽn9`R0c-IgBp���E06�y8a{6yy�_aY�,$20�!
I+U:=.�� �� kJ=!�ohuzWѩ�{mE2-����bT� _RJ�I"Q6#=)#�hY}ҽnrcKlo�}AFNd^v�Z-[N7S+d$
#?]Я8��݃�͟"�VRmZO{~@H�y�
?9/w�`�IB88e�n1�~x�A\~j_��eԉ(%4�\@���?m[=���Rv���PR)&Z�)�I;ɰ"
ݖ2p�9GK2)!M\�02L P6,O&y=%lQ1 i(KBih%��lbTHG�oO�wռ�6<1ޥ]晿BƗH|�͖�&�ė4 �y��)� -�|8SB[(GH
T䵤�
Zzl*$���:��S>A��x��9$gy/гO]ZEbݩc�s�c<�Im���6x�}y�:b1�?ݞneiܱ?�jw{操�~{Oj9ЛAS}AdnL�q;��X�z�}
H{O�,a�n;�;=?P.zZKrc�ܙX�n��˳�(q!~x�FM{@uS棏g�
95�'Ny�W7�N{m,d�a3foc_;
?-m-8t�砞C�TϏR%ɘNB�AWU-u+lko(j�Y9sJeOVr{x`�,�hg�Q�d1�0dƛq�+��=#tzooo=ȥ�֛q=*~�#'��w.�z@z@pSx6{Zg%QJ=�qM@kjir\<~^YZ�䑼D�qD%��t`�5o��14�m*z3=}z9[fv?kD:�>dO1\jc鼳��2��>
AYCVorlK9w@rs&�cx�2�'F[euw+[c�³��D`GHA|}gA� jm9��itpUE0p17$8\}5�ߊ:"YcCƓdǟ۲cr��sf2i��TWeTW/�__B�!]sѴg=.00Q�/sK[��^}:lQߏo%~2A+���X#qzW,d(�,r��SƁV,(X>ENT�(}�'Ih[L&;~.n!�#��{﮶� YMh4q9`����h�׆� hRe��xb~(���Vأw�CZΠc}VĆbAŠA�7eٯ
wܝR��J�Y,̗Aɒ+v�oWH:JCyc�"[�N��njY;ҪZE-�bd+ZHҚd�0x&"O!=/4Hb)�߭ģb(Ɛ��]_m����98`6_�Y%^Q"2J BӊoTJ{mi,CD,8o;u� @m6,;��Z�Aw+u�zyx*"UF-'Z~ƶ�Dg�zH z3)l,GX4�y�sL y4�w�]e!;Ĵ]�!?$W D.eLD�qWR,),���3sX[�ׅF7\IH�m`kO8�ю�lx�����]�1��KA �s��;nҙ�kl4q8N���᠈��� P?��FB`w�u� hhN$W�MRjے\H�SH£ �H{y�t;Saӄ�t2I�<�ʒ9U7l�4\$WA^ ҥO�ri.ɩtr�qFQ^0A"
K�B=�5SUI+lK�'T&��9Y+{�f$�̪��!9�Լ%�,!l_Tʥji+ҍ�3�F�ǔ
�b0vGScwv']-_JeGB�҅���{T�R�X��t)a/�"a�U��)15˟\Y�;TE
3Ʋ�IW3f�$�5�3�cj��(p*&B�1r$Ob_�ѽ��a+/Ƌڒ2+m5��L^�|f
kYzK3�nw{R`!�
&aY�~L����}t{J��oW 69ԿKzy77777�
dU\b�#Rxk�
�֦[l^lˤxM!;�Vk1?jQ>�o%�T�m0;�܆��MKV�?�)K���0ϲm�(X��V�ZU��<" ��"��p�a7ĩq���_x}��W8)Qw2nKn cK\|�+2x�TL8!\"�%��`( ]uɐ�VbL�Bb����([�'x�:#n&(�J�u����� �|Do9Ɩ�x�=
Л.�Ɨ�Z�?~w�\�~HěD���_= ͳMs��=�VmlS=C /
8pp�S�_.Ix1G��AcXڝcJi+5\d�.,?oW< �Q+GM��Fήn�z�b�"?Q|q|a�6^�뻀ތ���^}��UNחt/�*�_8#��Ѿ.M0�Ӧa56lt)¬�Yi/�{[_?5V�ڄE:wn���hm
%fH�#/ |����? +j�e<=y2;M\�x0^}
��l�!٩Y����m�#l�0M#e�ۀږձ�6YxQ�|3m-m�YޣS|Uʒ1�ZZNLnqjYw>S�zlï^�B�i��f#e։
�V(��7T��5skx-(0�U7ze!�[|pL`I�|`u1��W 8hQ}}Ğjxj�闶Ufg-�(_U�lrw2$N��QE3(hMVÙBt}�s�az2���!̈ОOus5(�&g^Fʼn߳yx^;P��`n��ƵV�xrz5�9T�����?3{>�{�4$t{�j :@@\QOq\��dEw'y{Dd0�M�rz9�hC��~�?�Vz^3ZkݢX;Xif�yBE� ~K-y�-�JYՉȍ��mݹ]�p�jL�h
�p�K($:�ys�/.ޢd]�2Qn)RjX�x�>I�Tnp=jh�DHd�meP)ÿ#rz4�P�sʷ=.ؕժTjQ�ܣF +*`6+*Y�rsk[Q{Z4rTQa��Xv[ֿ�-'|͌V:m��iB�OcL~ԡcQ�
T�TbЭ�B1˪M;InP}sY?e=`
�'�2u/xq�B
�=Jl~C#hM,û�|U:�n|%wۘ{fCm��17]�0*
>T-wA>po<|SP�ʕ�U+%=щhp����̋XH�t4*$:<��m;e6\Ix#O�ĥ)׀�!gTV"Ba=X@:>Io��H*]�U#�`�xV��F윓M{a�Ȑ݊p(-$�a#oKa3d��L�!=:��|tH ]TW SO�� x7t'le1q-<աu/
tS_�
|9@G)��9Ĕ#M7[p}SjJ�L#;�'0�ឩV1,6)�k�M(q�ik8<4>|?_ziJ0%
aA���r���UfIIp���bZ�Ř!b*^r�{4bw"�և�D��ȧn犱1r�KT-B@a=Q#�Ǜ<�|>r+Dja<8�]N"�@�[� g
o�#��?B5D���*%n67XVp_ѹ��fJ��u�A"�\2��OgGA~2?t:&`��Z�&
5KޝQ>ɖàzEQ�t#ߛ��3,ȏݠKlݜ�(�8�&S�j9I�t!C�K/H�zNsZacdtay~X&,0�(��.Ō��CZQJФ*t��+R0cU-%�(_coә YV^"ߣӄ\I�\A]��/ �PIZ�
�W�}G��IS��ʵ?ѝ�XF39^&9nIqst/q{'5}�'\MGݩ;es5N-�41F;��6M&ƋBrfde(AN/�mf)NT3\H�^Eƒ�<�^;OKvE�Gcqy�^ ~�p$;G0%lyї�5�1o&(6)ǞfullŵN#g5^�LWkFN\3C�9nzf�h9j�W;&}*�5=V0<:�(�hO�v{It/۹FhR�s �P!W(5�ʯ74R�](f#7��vF l.?�f=}F:YgsyktZ�пNF?ӹ(w2k|eϛ�y�|v_d�_d�^d�s��E/>/2�">G/3 ?eAYF?���P~Q�{1?�s w1]7]?��͐/W@�W�q�_e
sA?=�/c=�/c}~�_6�A_SV9S>�>e�oʁ~o2�ڿh�&N2�73y�S*�RqA/2ȋ+OY射<(Ay<++PA/nt3�ث�<�?3_�2��̭L_;W'Vr]!,.5P�UZk�/YSݲ7�q cm���{}eh}1Ɨ^Z%/ޤ��<̂\+�g�ل�@CX{#uO�'NW4C�ﹺ�Kd^ WsU}ӉzZ>Ś/J�Yy<�*
tgx'��U-(s#h60�.Ñpۿ{e?|�K2��xwI0dB ۓ{� �g_Ew9�MAwz5[`\��Qhkоx^�I���Hm7cB诿aXkt J7B�����Qb旌NlۀP\|݅Z�t�P3xO\.��}uk6d&|mWw�.~K5 X 9c2,�kg;x��sz!_L �8$Ҵ���).OLt.?�u
61-d�t{l:h}r;Ws������K�l;�W1A~A߉gHa)_�ARWMaM���g�Y{6Dπn�
fyy]�� ,pd+vOE0^�R�[aʹD.v�Ulv[�KR�,���`'/2^�;'��gO_Gϖ9�nz�>K:!S1Q)jkI/?tI3軱Wx�Ѝ
�O1ngNb���*�φŀ�{̾�6��^f+3s묟ƫ�R6Ȥ{���e�PCik=Z+�0DqS�
�XǢVWqTR:!�;
/D?8���ci, ��;fcXJ
�,�oԛ�N*)As�a#�El���;ApN7�Wm���S<"Y4/'lL�xje
.^3Ơ�{e��7�5w�HR#z3L�<��A�C9Xq�k @<ל �r?qmr�?09�&rX)>˲Ƙb>0�,X�+0_m�k��A�k�DeU��|tCGYEL`&;]+�N%t&ж?TH0H6�c?t�f��7�@˽]�^g"a?<#�/ah(�`y��ba&"e��}q$Y
|
Network Security & Hardware 
