Too much network control is a bad thing

Too much network control is a bad thing

Spread that knowledge and authority around

Article comments

The City of San Francisco's IT department has been in the news recently, but it is certainly not unusual when it comes to allowing just one person to have unfettered rights to make password and configuration changes to networks and enterprise systems.

In fact, it's a situation fairly common in many organisations - especially smaller to medium-sized ones, IT managers and others cautioned in the wake of the San Francisco incident. Terry Childs, an employee working for the city's IT department, used his privileged access to lock everyone out of a crucial network for days.

A network administrator working for San Francisco's IT Department of Telecommunications and Information Services (DTIS), Childs was arrested on 13 July for allegedly tampering with the city's FiberWAN network. He is also alleged to have planted network devices that enabled illegal remote access to the FiberWAN network, which carries almost 60 percent of the city government's traffic.

He was jailed on a $5 million bond after refusing to divulge the passwords he had used to block access to the network. Childs pleaded not guilty to the charges against him at a hearing in San Francisco Superior Court last week and asked for his bail amount to be lowered.

At a bail hearing on Wednesday, a San Francisco Superior Court Judge refused to lower the bail, even though Childs in a dramatic move earlier this week disclosed the passwords to Mayor Gavin Newsom in a jailhouse meeting. His next hearing is scheduled for September.

The episode and the city's struggle to regain full access to its locked network have highlighted the dangers involved in handing over too much administrative control of networks and IT systems to a single individual.

But the situation exists more often than imagined, said Matt Kesner, chief technology officer at Fenwick and West, a San Francisco-based law firm. "It's probably more common than we'd like to think. This is the kind of nightmare I could see happening at many organisations," Kesner said, citing his own experience from working at other companies.

"There often is a single networking guru who really does have the keys to everything. You have to work very hard to make sure that more people have the keys," and that there's infrastructure and processes in place to enforce it, he said. Often though, companies simply don't have the resources or the skills needed to really do this.

"Unfortunately it is not that uncommon to come into a situation where one or two people have created a situation where not only are they the only ones that know what is going on, but they are the only ones that can do anything," said Lou Michael, director of network and infrastructure services in Virginia's Arlington County department of technology services.


Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
* *