Over the last several months, there have been many articles published about Terry Childs, the San Francisco network administrator who is now in jail after being accused of 'network tampering' during his tenure as Lead Network Administrator for the city of San Francisco.
For those who have not been following the story:
- Terry Childs was the lead network administrator for the city of San Francisco, and managed a very large network responsible for the majority of government data traffic.
- The unofficial reason for him tampering with the computer network was that he was trying to create an insurance policy of sorts for himself after he got a poor performance review and his supervisor tried to have him fired.
- Childs allegedly configured a single administrative username/password that only he had access to on several key pieces of equipment, and when asked for the credentials, he gave wrong info, then refused to give the correct info.
- Childs is also accused of deleting the startup configurations on several pieces of equipment, so in the event the power went out on the device (required to reset passwords sometimes) the configuration would be lost. Password recovery features were also disabled.
- Childs also allegedly installed data monitoring software on several supervisors' computers, and was found with lists of usernames and passwords, including those of his superiors.
- And finally, Childs is accused of setting up 'rogue' devices across the network to provide him remote access to it.
I know, this looks bad. But let's consider what his job was: the man was a network administrator, and much of the above can easily be seen as part of his job.
Things Terry did that I do daily:
- We have 2 administrative accounts on each computer: 1 master administrator account that stays unused, and 1 administrator account that we use for admin tasks. We do this so that, in the event something happens to the one we use, we have a backup that is not used. Only we have these passwords; our clients do not. It is not rare for them to request this info, but we explain that if we provide them administrative access to servers and other equipment, we cannot be held responsible for it any longer. If they need changes made, we can do it for them. If they insist on access, we reevaluate them as customers, as it is not worth our reputation to allow an untrained person admin access to a server when they have no reason for needing it.
- Part of the service we provide is installing an application on each computer that monitors event logs, runs maintenance at night, monitors anti-virus software, provides us remote access to computers, and several other things. Monitoring computers is part of our job.
- Configuring remote access to sites. Any network admin who has to support multiple locations sets up ways for them to access things remotely, otherwise they can't do their job. It is not rare to set up multiple methods of remote access, so in the event one fails, you have another option.
How do I feel about this case?
My feelings towards this are mixed. I understand that sometimes an IT admin needs to protect a company from itself. Too often company executives think that because they are high up in a company they should be allowed to do what they want on a computer and access whatever they want. This is not true. Executives are targets in the hacking world. Their information is all over the place on the web and on their company web sites because they want to be known. Because so much data about them is available, it makes it easier to exploit them. This means their accounts need to be even more tightly controlled than the average user, but this is the exact opposite of what they want, and sometimes demand.
When a CEO demands access to something, an IT professional is put in a tough position. They can give the access, and then deal with any problems created by it (and trust me, problems occur frequently when people have unneeded access), or they can stand up to the person and risk backlash.
I have been in this position in the past. A position where executives come up with inane ideas and requests, and despite the IT department explaining why the idea is bad, and the risks involved, and the potential for problems, we are pushed into making the changes. When something goes wrong, we are then looked at like we caused it, and that is not fair. I have left jobs because of situations like this.
The networks and computers we build and maintain as administrators are like a living resume. If you are named as the admin on a network with a major security breach, it can dramatically hurt your career, so when you are faced with these decisions, you are being asked to put your reputation on the line. So with every decision, you ask yourself, "is this risk worth my career?"
However, as a professional, there is a point where you just need to cave and give the boss what they want, and let them deal with the problems. When he was faced with arrest, Childs should have left the job, and turned over all credentials and information in a proper way; there are no ifs, ands or buts. The data belonged to the city, and while I'm sure he wanted to protect it, and while he may have thought he had been wronged, he had no legs to stand on when it came to that.
I am very interested in seeing how this will turn out.
More info about the case:
http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2008/07/14/BAOS11P1M5.DTL
http://www.infoworld.com/article/08/07/15/IT_admin_locks_up_San_Franciscos_network_1.html
http://www.infoworld.com/article/08/07/17/IT_administrator_pleads_not_guilty_to_network_tampering_1.html
http://weblog.infoworld.com/venezia/archives/020956.html
http://blogs.techrepublic.com.com/career/?p=555&tag=nl.e101