Since the drama is over, I suppose I can finally touch on San Francisco's recent network issues, namely a network admin holding the network devices "hostage". Sort of.
If you aren't familiar with the story, here's a brief rundown.
Network admin Terry Childs built the San Francisco FiberWAN, the backbone that municipal data travels on. To say he was an insanely-protective admin is an insult to the insanely-protective admin community. According to one report, he was so secretive that he refused to write configs to flash. Now THAT, my friends, is being too paranoid. In the end, the city tried to fire him, and he refused to hand over the authentication information, and he booby-trapped the network so that he could disable it and erase the config from outside if necessary. The mayor of San Francisco eventually talked him from his proverbial ledge and coaxed the passwords out of him, as apparently the mayor was the only man Childs trusted.
The end result was that San Francisco went a week and a half without having access to their WAN equipment. Now, I imagine the remaining admins are scouring every line of configuration trying to make sure that Terry didn't leave any other backdoors or vulnerabilities. I don't envy their job at all.
You've probably realized how this relates to people like us, who admin small networks by ourselves. The major mistake San Francisco made was placing one (apparently unstable) person in charge of the infrastructure with no oversight. That sounds almost like my job.
We're in this position by design. By being the only admin of a small infrastructure, we have a high bus factor. Unnecessary secrecy has no business on our networks. We touched on this last month, after MSNBC reported on IT worker ethics. Nothing has changed since then. Being prepared as an organization means guarding against employees who get hit by buses or turn evil.
skip to main |
skip to sidebar
A blog for IT Admins who do everything by an IT Admin who does everything
Blogs I frequently don't have time to read
Posts
Blog Archive
-
▼
2008
(184)
-
▼
July
(21)
- Security Policy Best Practices
- Life After Windows?
- Arranging your workspace
- Fascinating behavior from a linux host
- Proper Disclosure of Technology
- Happy Sysadmin Day
- HOWTO: Server Cable Management
- Excellent Linux Command: dmidecode
- More on Admin Responsiblity
- NAT: Unjustly maligned or a soon-to-be anachronism?
- Escape from NJ
- Wednesday Guest Blog
- Monday Guest Blog
- (Short) Story time
- Final Preperations
- Cataloging parts for the move
- Stupid Routing Tricks
- The effects of Slashdot
- Remote Claustrophobia
- Logical Network Diagrams
- DNS Names for internal hosts
-
▼
July
(21)
People following this blog
Other affiliations / blog groups
I have a monthly column at
My blog is a part of
I'm a member of
My blog is a part of
I'm a member of
Calling all guest bloggers
Do you have an idea for a blog entry that you want to write? Do you have a blog entry that you've already written, but don't have a place to publish it? I'm definitely interested!
As I don't make any money on this site, I can't offer to pay you for it, but I will happily link to whatever web presence you'd like. My current subscriber count is right around 500 people, so your article would be viewed by a lot of people.
To get in touch, email me at
standalone.sysadmin@gmail.com
As I don't make any money on this site, I can't offer to pay you for it, but I will happily link to whatever web presence you'd like. My current subscriber count is right around 500 people, so your article would be viewed by a lot of people.
To get in touch, email me at
Twitter / standaloneSA
Automatically Generated Amazon Ads
Labels
- security (14)
- networking (13)
- storage (12)
- vacation (9)
- administrivia (8)
- advice (7)
- guest blog (7)
- server room (6)
- virtualization (6)
- backup (5)
- learning (5)
- monitoring (4)
- nagios (4)
- whining (4)
- asking questions (3)
- blog (3)
- cat5 (3)
- fail (3)
- fiber (3)
- physical infrastructure (3)
- remote management (3)
- troubleshooting (3)
- windows (3)
- CLI (2)
- LVM (2)
- archive (2)
- colocation (2)
- debian (2)
- debugging (2)
- dns (2)
- esxi (2)
- giveaway (2)
- hardware (2)
- howto (2)
- laptop (2)
- lisa (2)
- policy (2)
- preblog (2)
- racks (2)
- redundancy (2)
- tech support (2)
- telecom (2)
- training (2)
- vmware (2)
- vpn (2)
- AoE (1)
- IPv6 (1)
- Level3 (1)
- Linux (1)
- NAS (1)
- QA (1)
- QC (1)
- T1 (1)
- active directory (1)
- article (1)
- automation (1)
- bandwidth (1)
- benchmark (1)
- bgp (1)
- blackberry (1)
- blogiversary (1)
- books (1)
- burnout (1)
- business (1)
- centos redhat ldap bugzilla (1)
- checklists (1)
- cisco (1)
- clusters (1)
- competition (1)
- conference (1)
- convention (1)
- cooling (1)
- database (1)
- documentation (1)
- education (1)
- encryption (1)
- ethernet (1)
- ethics (1)
- fibre channel (1)
- filesystems (1)
- fire (1)
- freebies (1)
- heroics (1)
- high availability (1)
- imaging (1)
- incident response (1)
- installation (1)
- international (1)
- iscsi (1)
- kvm (1)
- ldap (1)
- leasing (1)
- licenses (1)
- link (1)
- load balancing (1)
- marketing (1)
- mobile (1)
- money (1)
- openbsd (1)
- oracle (1)
- osx (1)
- passwords (1)
- patching (1)
- project management (1)
- rack unit (1)
- raid (1)
- recycling (1)
- remote desktop (1)
- resources (1)
- routing (1)
- rss (1)
- safari (1)
- sage (1)
- san (1)
- shortcuts (1)
- slashdot (1)
- small infrastructure (1)
- social networking (1)
- soho (1)
- ssl (1)
- stress (1)
- switches (1)
- systems administration (1)
- technology (1)
- terminal server (1)
- time management (1)
- top list (1)
- toplist (1)
- twitter (1)
- uptime (1)
- usenix (1)
- wireless (1)
- xen (1)