  • #2307407

    Liability of a Sys Admin

    by nzholden ·

    What happens if your network gets infected or hacked? How liable are you?
    Also how does it change if you just joined the company and met a crude network. What if the work involves supporting a BNC based network, loading a jammed printer daily or doing something that takes considerable time.
    Please no flames. I know you may be very competent but I am sure that 99% of us do some or other mistake at work. After all even IBM got that blaster worm.

All Comments

    • #2745605

      Responsibilities

      by oz_media ·

      In reply to Liability of a Sys Admin

      Yes it is your responsibility to protect the network as an admin. BUT… If you’ve walked into a big mess that hasn’t been set up and configured properly (I assume you told the boss this), then it is YOUR responsibility to bring the network into proper shape and secure it.

      If you have spoken to “the powers that be” about it, and were ignored, the burden is on them. If you were told to update the network and were given sufficient time and resources, it is YOUR problem.

      Your walking into this NEW position should remove any direct blame, however, now is your chance to make a case and get the products needed and apply your skills in order to prevent this happening again, or at least have the needed protection in place. We can’t be completely immune.

      Good luck,
      OM

    • #2745594

      Blame

      by timwalsh ·

      In reply to Liability of a Sys Admin

      Unless you literally just walked onto the job the day before the virus or hacker hit you, you are going to get the blame (whether you really deserve it or not).

      When accepting a new position that involves a mess of a network, you have to perform triage immediately.

      Triage consists of performing a quick survey to determine problems and fixing the serious problems first (assuming they are fixable). Of course the ability to perform an effective triage greatly depends on your skills and your experience. You obviously can’t fix a problem if you don’t have the skills and experience to know the problem exists in the first place.

      On a day to day basis, you must set your priorities to tackle the REALLY important things first. If you are given conflicting priorities that you cannot resolve (“I know you are to get the broken email server back on line, but you need to fix this paper jam NOW!”), you need to bring this to the attention of your boss and let them share some of the heat. You probably have a pretty good idea of what your priorities need to be. Make sure your boss understands those priorities and agrees with them.

      One other note:
      It’s one thing to get hit by a hacker using a previously unknown exploit, or a brand new virus. It’s an entirely different matter if security patches and virus updates for known exploits and viruses are available and you haven’t applied them yet.

    • #2745572

      My take….

      by lordinfidel ·

      In reply to Liability of a Sys Admin

      If you have just joined a company and they are connected to the net.

      Then your first and foremost priority should be to connectivity and the firewall. User support takes a back seat. Since if your network is hacked then you have to shut it down anyways.

      Taking over a new network is always hard. But start at where you are most vulnerable and work from there.

      Once it is your design, if you get hacked, then it is your responsibility.

      • #2745473

        management decisions

        by nzholden ·

        In reply to My take….

        Say the management delayed buying the firewall until his mates in the other company / client lost all data. Or you are dealing with 100 Windows PCs and 1 unix host which was unknown to you.
        Are there some contracts enforceable? What about the condition when the blaster worm patch from MS needs SP2 and applying SP2 breaks the database program whose company has been shut down and cannot be updated.

        Programmers work behind disclaimers all the time. So can Y2K be blamed on an admin too? Is there any policy for sys admins? After all if win 2000 is offered without suitability for any purpose etc there should be a reasonable limit for sys admins as well.
        BTW have you never had a glitch in your network?

        • #3378523

          Of course there are glitches

          by lordinfidel ·

          In reply to management decisions

          But not due to viruses, script kiddies or hackers.

          –first though, no matter what, you make the network work for you and your abilities. You're the one who has to manage it.

          If the powers that be do not want to spend the cash on a hardware firewall, there is always free linux. But *every* machine in the world needs a firewall of some sort. By every I mean home users also. Even if it is a simple NAT device.

          –Y2k, It can’t be blamed on a SysAdmin, but it is/was their responsibility to make sure that all systems were compliant.

          There was a time pre-present architecture, that I(corporate) had to deal with viruses. But the architecture that I designed has been in place a little over 3 years.

          After initial deployment I was still in paranoid mode. But now when a new virus or worm hits, I send out a bulletin to all users, just for informational purposes, and relax.

          When an exploit comes out, I review our systems. But 99% of the time I don’t have to do anything special to secure the network.

          I also use the same methods when deploying networks for private clients. So they are afforded the same comfort zone that the corporate network has.

          That’s not to say that we don’t have glitches like hardware failures and stuff of that nature. The biggest thing we have had to contend with ‘virus’ wise is malware/spyware that people get from being stupid when they surf the net.

          Unfortunately, Spyware typically is not caught by virus scanners.

          I’ve considered installing various spyware products. But they too are spyware in themselves and a lot of them interfere with our software.

    • #2745470

      something like this case

      by nzholden ·

      In reply to Liability of a Sys Admin

      Please see http://techrepublic.com.com/5208-6230-0.html?forumID=3&threadID=135926&start=0
      It's sort of the scenario I am talking about (small company / no written policy).

    • #3378574

      Merge this post with the others

      by voldar ·

      In reply to Liability of a Sys Admin

      To be or not to be .. liable!

      That’s a good question. Based on your facts, I may say the following:

      – as Sys Admin it’s your duty to maintain/secure the network
      – it is also up to you to write down and pass forward – to whom it may concern :)) – the problems you detected on the network and the solutions you are going to implement
      – if it’s a new LAN you are administering, the best start to do is to ask for all documentation about the network. It is not that easy to start when you don’t even know where the server’s room is :)) – or what the servers are.
      – about the “jamming paper and all” – write down a paper (or more) about “How to solve common problems” and give this to the users. You have to understand that if you are not going to teach your users to do by themselves some common tasks (not the very hard ones, just those that need only to read and perform (such as paper jamming – which is pretty well explained on every printer how to solve)) – and you have to explain that to the manager as well – you will never be able to perform the job you were taken for.

      About the mistakes we do – of course we are/were doing lots- that’s how we learn :). I have a saying: who’s not working is not mistaken!
      But, and there always is a but, take this advice: do the mistakes that you can solve in less than 5 minutes or else … meaning: think twice before you press that YES button on the screen :).

      And now, at the end – to be liable or not, this is something that is hard to say. Why? Because if a hacker hacks your network – that did not mean that you were wrong. Security is really the most important thing, but keep in mind: the best securized computer is the one closed :)). I mean, yes – shit happens sometimes, it’s your responsibility to solve it – and do it quick, this is the main point where someone can “note” you. To prevent something that even the programmers were not allowed about is stupid.

    • #3378488

      Learn to hack

      by stillwellvj ·

      In reply to Liability of a Sys Admin

      I am a Systems Administrator for the Marine Corps. Running an efficient network depends on a lot of things. But to prevent infection from viruses and restore or create network security can be greatly assisted by a good knowledge of hacking. I first started creating viruses at age 13 and then as I got older and more serious I created Trojan horses and email worms. But alas I realized that with this “High Tech Video Game” could have negative reflections on my career. In the end it became advantageous to know how viruses worked and how to stop them and how they are created. Know your enemy!!! Also grab a few test viruses or Trojans that don’t have payloads from one of those hacker websites like http://www.warez.com send them to your server quarantine them and defeat them. And with Trojans and backdoors attempt to install them remotely to your network and see if the firewall restricts it. If you find loopholes patch them up. Be a hacker and you will understand network security!

      • #3379589

        Is it allowed?

        by uch ·

        In reply to Learn to hack

        I quite agree with your experience about testing malicious codes in-house. But there are situations where these “binary robots” become “self-aware”; causing more damage than intended. Time, cost & skill among others; should be considered. However, it all depends on “policy”.

        • #3378966

          Valid point, however…

          by stillwellvj ·

          In reply to Is it allowed?

          First thing you must consider is this, how important is your systems info? If your network is so important it cannot stand a crash, virus, or invasion by a hacker. Then you must ask yourself to what extent are you willing to protect it? If you are able to get in. Anyone is able to get in. And if you can’t get in then you are most likely safe. If you try to send your server an email worm like “blaster” and it has no effect whatsoever then that tells you that you are protected. But if the first virus you try crashes your server then your server is nothing more than an expensive time bomb. Almost 85% of the world's computers (on line) were hit with the blaster worm, if you are not invincible then your risk of a minor virus infecting your system is nothing compared to a complete system failure. IMO

          LCpl Stillwell
          Systems Administrator
          2dMardiv
