insider threat

RAID and Backups

A recent Handler's Log on the SANS Internet Storm Center spoke of the recent demise of an early blog site called "Journalspace." Evidently their disaster recovery strategy consisted of maintaining a mirrored RAID system.

I've written quite a bit about how mirrored RAID is a fundamental part of my disaster recovery strategy. However, the Journalspace people apparently skipped an essential step: they relied solely on their on-line data and didn't keep an off-line (preferably off-site) backup.

Bad attitudes versus malicious administrator

The San Francisco story is sounding more like a techie's personal tragedy and less like terrorism or hijacking or a ransom thing. Paul Venezia was contacted by someone in the IT department who knew Terry Childs, the "rogue admin."

Apparently Childs is a highly talented admin who is obsessed with his network. If the anonymous source is painting an accurate picture, then it's just an unfortunate combination of limited social skills on his part and hysterical overreaction on the part of his managers.

Fixing the Insider Threat: Separation of Duty

It's not an easy fix because it requires planning ahead, discipline, and effort. But it's essentially why banks can hire low-wage tellers and not worry about theft at the till (or at least not as much).

San Francisco has lost control of their FiberWAN. It's not clear how much this affects day-to-day operations, since the city appears to still be working. And that in itself is a tribute to separation of duty.

The nightmare scenario of an insider attack

The City of San Francisco has just suffered what sounds like the nightmare scenario of an insider attack on their computing infrastructure.

The 'disgruntled employee' who reportedly was 'disciplined for poor performance' had enough access to critical system components to give himself exclusive control of the infrastructure and apparently lock out other administrators. The system is said to still be running, but administrators have little control over it.

So what's the lesson here?

