The Cautionary Tale of the San Francisco Network Lockout

07-25-2008

I'm sure most of you have seen the news of the San Francisco IT administrator who allegedly locked top administrators out of the city's network.

While the mayor was able to obtain the codes from the city employee, the story has obviously been a PR nightmare for the city and a difficult challenge for the city's network administrators. It brings to mind basic questions for all information security professionals to consider, so a similar situation doesn't occur at your organization.

This is a classic example of what a disgruntled person with elevated privileges can do in any enterprise, either encrypting data, or as in this case, changing passwords to restrict access to business functions.

To avoid a similar situation, start with developing a close relationship with the HR folks and management. Once a disgruntled employee starts getting into a position where there are red flags that he or she might be a risk to the organization (i.e. has been formally reprimanded by their manager for insubordination or other malfeasance), there should be steps taken immediately to restrict that person's access to the network.

This applies not just to systems administrators but to the end user as well. Although they may not have the elevated privileges to do the sort of damage that's being alleged in this case, they do have the ability to introduce viruses, worms and malware intentionally into the system by placing malware on a USB stick or CD-ROM, or visiting a known, infected Web site. There are a number of vulnerabilities in any system, and part of any security solution is obviously keeping the bad things out.

That's the simple communications piece of it - have information security professionals in regular contact with HR and management to keep each other apprised of potential "problem" employees. This is key to approaching the entire issue of insider threats. FYI, (ISC)² developed a white paper last year that goes more in-depth on the need for information security and HR to partner together to protect the organization.

The second piece is that when these enterprises are architected, there's got to be a way to ensure that no single individual has the ability to do damage. There should always be someone who has the ability to undo the results of malicious behavior. Limiting access to specific circumstances, requiring specific authentication, or ensuring that at least two individuals have access to conduct the same function reduces the likelihood of such an occurrence.

The old concept of the enterprise was to have hierarchies with a person who functioned as the "god of the network" - the system administrator. The nice thing about Windows 2000 was it enabled "delegated authorities." In the early days of Windows in a network environment, if you were tasked with administering a printer, for instance, you received complete domain access control. That meant you could do anything you wanted. Today, most networks assign access to designated groups who only have privilege to administer a printer or a server for a workgroup and don't have the main privilege.

Delegated authorities, as well as the principle of "least privilege," are part of the core tenets of what (ISC)² teaches from its CBK. To find more detailed information, I recommend finding a continuing education course on access control, or consider purchasing one of the official guides to the (ISC)² credentials, or re-reading the section on access control if you already have one.
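As an added example (not part of the original post or of any (ISC)² material), here is one way to implement the "no single individual" rule for a break-glass credential such as a root or enable password: escrow it with Shamir's (k, n) secret sharing so that any k custodians together can recover it, but fewer than k learn nothing. It assumes Python 3.8+ and a secret of at most 32 bytes; the credential below is a constructed sample value.

```python
# Added example: two-person (k-of-n) escrow of a recovery credential via Shamir secret sharing.
import secrets

# Field prime larger than any 32-byte secret (2**256 + 297 is prime).
# Assumption: escrowed secrets are at most 32 bytes long.
PRIME = 2**256 + 297


def _eval_poly(coeffs, x):
    """Evaluate coeffs[0] + coeffs[1]*x + ... + coeffs[k-1]*x^(k-1) mod PRIME (Horner)."""
    result = 0
    for c in reversed(coeffs):
        result = (result * x + c) % PRIME
    return result


def split_secret(secret: bytes, k: int, n: int):
    """Split secret into n shares (x, y); any k distinct shares reconstruct it."""
    if not 1 < k <= n or len(secret) > 32:
        raise ValueError("need 1 < k <= n and a secret of at most 32 bytes")
    # Constant term is the secret; the other k-1 coefficients are random field elements.
    coeffs = [int.from_bytes(secret, "big")]
    coeffs += [secrets.randbelow(PRIME) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def recover_secret(shares, length: int) -> bytes:
    """Lagrange-interpolate f(0) from at least k distinct shares and return it as bytes."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share supplied")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    # Too few shares yield an essentially random field element; refuse to pass it off as a secret.
    if total.bit_length() > length * 8:
        raise ValueError("reconstruction does not fit the expected length (wrong or too few shares)")
    return total.to_bytes(length, "big")


if __name__ == "__main__":
    credential = b"break-glass-root-pw"  # constructed sample value, not a real credential
    custodians = split_secret(credential, k=2, n=3)  # e.g. CISO, HR director, deputy admin
    print(recover_secret(custodians[:2], len(credential)) == credential)
```

Each custodian keeps one (x, y) pair offline; recovery is a logged, two-person procedure rather than a favour asked of whoever last held the password.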
