General discussion

Locked

How do you keep a reckless Administrator from hurting your network?

By kit_eizenga ·
I work for the DOD. We are very security orienteed due to our mission being national defense. We have a security administrator that is very reckless on how he does things. i.e. unplugging the backup server cause he believes it has malware on it, Pushing out a security patch before it has been tested on a group of workstation, upgrade a a patch on an Intrusion Prevetion System which stopped all Intenet/WAN access.

He is basically allowed to do Carte Blanche in the name of security. It has pissed our HelpDesk off to no extent and makes us look like idiots to our customers. He is allowed to do this cause he gets us good scores on our all important security inspections.

Soon this will be the most tied down functionless network. What can I do to get his actions slowed down and have him follow proper change controls the rest of us do?

This conversation is currently closed to new comments.

12 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Change controls

by NickNielsen In reply to How do you keep a reckles ...

When I was in the USAF, our base IT read the regulations as requiring the proper use and documentation of change controls. You don't specify a branch or agency, but at the very least, you should be able to find a DOD reg or instruction that applies.

Security is a good thing, but you have to manage security n such a way that production is possible. Maybe it will get somebody's attention if the end users start complaining that their PCs/networks are so secure they can't do their job.

Edit: clarify

Collapse -

Document, CYA, Notify, CYA

by robo_dev In reply to How do you keep a reckles ...

- Got any IT Auditors?
- Got management with any cahones?
- Got another job lined up?
- Got a good lawyer who knows whistleblower statutes?

This is more a management issue than a technical one....the main thing is how to notify the right people, and get the problem fixed without being the one on the street.

I had a similar problem at a defense contractor who shall not be named...I got my courage up and met with the IT Director, face to face.

His response?

He told me to hush up the problem, fix the problem myself, and to be a better team player.

Was the incompetent employee sanctioned?

Nope.

(The issue was that there were about 100 pirated licenses of NetWare on the network, and NONE of the servers had been backed up (new backup hardware piled up in boxes). The lazy lan admin never bothered to submit the POs for Netware licenses, and he never bothered to install the backup hardware/software.

Collapse -

What version of Netware was this, because Netware detects dupe licenses

by ManiacMan In reply to Document, CYA, Notify, CY ...

Was this Netware 3.x or later versions that supported NDS? I know that in Netware 3.12 trying to install multiple servers with the same license would result in annoying broadcasts being sent to every workstation about license violations. I'm sure somebody would have noticed. I'm sure that if Novell found out, they'd be suing the living **** out of them, defense contractor or not, because they're not exempt from software piracy laws. Oh boy, that would have been one **** of an ugly court battle.

Collapse -

My perspective...

by JamesRL In reply to How do you keep a reckles ...

No one person should make decisions on changing the network alone and without documentation. DoD makes it even more important.

When I worked in the nuclear industry, my employer had a good system. Every week we had a change control meeting - the department heads of help desk, data centre, QA and programming would meet and review any proposals for changes - the proposer would have to have already had approval from a "sponsor" for the change, and the board would approve when it would be implemented. You could not get approval for a change within a week unless it was an emergency.

We tried to balance the amount of changes at any one time - we had a 4 hour window each week and tried not to bite off more than we could chew. So we wouldn't patch a server that had an application change the same period etc. We grilled QA to make sure everything had been tested in a test environment first.

Sounds awful but we had a damn stable environment.

James

Collapse -

And that's the way it should be done. I commend their methods

by ManiacMan In reply to My perspective...

Nothing should be done on a whim except for emergencies where production is being directly affected and people are losing money. Nobody likes these meetings and being put on the spot as to why these changes are being done, but without everyone on the same page and agreeing on why this is being done, things tend to get ugly very quickly. It's a necessary evil, but it's purpose cannot be overstated.

Collapse -

Some security doesn't look like it

by mjd420nova In reply to How do you keep a reckles ...

That's how it becomes routine and eventually it'll reach a status quo. You must impress upon the powers to be that any changes be completely reveiwed before implimentation. What a complete and total dis-regard for their own rules and leads only to chaos.

Collapse -

Crap like this would never fly in the private sector. They'd fire him

by ManiacMan In reply to How do you keep a reckles ...

It amazes me every single time I hear of stories like this about the stupidity and outright asinine beaurocracy in the public sector that keeps morons like the guy you describe employed. He'd never last beyond the first week of employment if he did anything like this in any of the private firms I've worked for in the past. Yes, I've worked for public sector state agencies and they too had their fair share of nuts who in my opinion should have had their fingers smashed by a ten ton press instead of being allowed to administer the network, but what you describe falls into the classification of "rogue administrator" in the private sector. What I would do is document every case of incompetence and negative consequences of his actions. Keep everything in writing and when communicating with him, cc the superiors so they're aware of what's going on, as they may be in the dark altogether. Rule #1 is to always cover your behind so that you don't end up as a scapegoat and blamed for any of this, as people like him tend to love blaming others. If you see you can't change anything, perhaps it's a sign that you're not cut out for public sector stupidity and should work in the private sector with people who have formal change control procedures and follow proper protocols to get things done.

Collapse -

Of course it would

by highlander718 In reply to Crap like this would neve ...

Not sure which private companies you worked for, but in the large and yes, very political, corporations/multinationals, I do not see things being very much different. There is a lot of emphasise put on "looking good" and scoring points in different standard appraisal tests, so the practical side might suffer a bit.
This guy reminds me a standard corporate manager who knows s__t other than covering his back, smiling to his superiors and using his teams knowledge to score points for himself. Rarely are such specimens fired or punished in any way.

Collapse -

public sector stupidity?

by The Listed 'G MAN' In reply to Crap like this would neve ...

Your professional status just dropped with a comment like that.

"follow proper protocols to get things done"?

Again!!!

I have worked in the public sector. Myself and the people I worked with are/were first class professionals.

Your posts stinks of bitterness.

Collapse -

Perhaps I am bitter because the work experience wasn't pleasant

by ManiacMan In reply to public sector stupidity?

But needless to say, stuff like what I mentioned runs more rampant in public sector agencies than it does in private sector.

Back to Networks Forum
12 total posts (Page 1 of 2)   01 | 02   Next

Related Discussions

Related Forums