undefined | Better HN

0 pointshoodoof8y ago0 comments

>>admitting their security allowed an ex-admin to ransack everything

What, exactly can be done to secure a company against a malicious systems admin? These are the guys typically with not only the keys to everything but also the knowledge of how it all works.

You say that the company cannot be trusted for "allowing" this to happen.

I know quite alot about this stuff, and for MOST companies, they simply have to trust that the people with the keys to the castle with behave responsibly.

There are ways to design infrastructure such that it is protected from its builders and keepers, but this is very very hard and complex and expensive.

Presumably you work for a company that has taken steps to ensure this will never happen, what are they?

0 comments

kelnos8y ago

You should be trivially able to secure your company against an ex admin, though -- why was this ex-admin's credentials not revoked immediately after their employment ended?

vinceguidry8y ago

You're assuming he hasn't built in back doors.

At my one and only sysadmin job, the network was secured from likes of this guy by the senior engineer, a Vietnam vet with trust issues and whose talents weren't only technical.

Nothing says "web of trust" like knowing your boss could show up at your door with a shotgun demanding answers.

imron8y ago

> why was this ex-admin's credentials not revoked immediately after their employment ended?

Maybe they were but he'd set up time bombs.

Maybe the admin was fed up, knew he wanted to burn things down, wiped everything remotely and then never turned up for work and he became an ex employee in the aftermath.

It's decidedly not trivial to secure your company against a malicious admin who has control of much of your infrastructure.

nickpsecurity8y ago

There's nothing trivial about that unless the organization is tiny with the most boring and controlled IT ever. There's lots of little cracks for admins to slip in. That's not to mention physical devices with remote, wireless access planted in the building somewhere. Or even in keyboards of important people.

At best, these companies will be keeping out the riff raff. Fortunately, that will stop majority of attacks since most admins aren't geniuses or spending personal money on attack toolkits with 0-days.

sqldba8y ago

If they leave the company, their access might be left running for a while in case they're asked to come back on and fix something during that post handover period.

Or maybe they had backups running under their account and when their account was disabled everything failed so they re-enabled it while they sorted out the mess...

Or they had multiple accounts as part of "security" and HR only knows to disable one and didn't find the other one in time.

There's a whole bunch of reasons why shit like this goes wrong. Every time. You'd cry.

kelnos8y ago

I would consider none of those to be acceptable though, and would point to a huge process failure around security at the company.

x08y ago

Who's saying they weren't? I'm sure that administrator would have been able to plant subtle backdoors, or find and not fix vulnerabilities and misconfigurations, during their time there. In which case it wouldn't matter that their credentials were revoked.

tajen8y ago

Honest question: Are Ansible + peer reviews enough to secure sysadmin work? Of course they can log on the machine to open a backdoor, but they are supposed to be regularly destroyed and rebuilt regularly, so we're theoretically safe, aren't we?

1 more reply

j / k navigate · click thread line to collapse

0 pointshoodoof8y ago0 comments

>>admitting their security allowed an ex-admin to ransack everything

What, exactly can be done to secure a company against a malicious systems admin? These are the guys typically with not only the keys to everything but also the knowledge of how it all works.

You say that the company cannot be trusted for "allowing" this to happen.

I know quite alot about this stuff, and for MOST companies, they simply have to trust that the people with the keys to the castle with behave responsibly.

There are ways to design infrastructure such that it is protected from its builders and keepers, but this is very very hard and complex and expensive.

Presumably you work for a company that has taken steps to ensure this will never happen, what are they?

0 comments

kelnos8y ago

You should be trivially able to secure your company against an ex admin, though -- why was this ex-admin's credentials not revoked immediately after their employment ended?

vinceguidry8y ago

You're assuming he hasn't built in back doors.

At my one and only sysadmin job, the network was secured from likes of this guy by the senior engineer, a Vietnam vet with trust issues and whose talents weren't only technical.

Nothing says "web of trust" like knowing your boss could show up at your door with a shotgun demanding answers.

imron8y ago

> why was this ex-admin's credentials not revoked immediately after their employment ended?

Maybe they were but he'd set up time bombs.

Maybe the admin was fed up, knew he wanted to burn things down, wiped everything remotely and then never turned up for work and he became an ex employee in the aftermath.

It's decidedly not trivial to secure your company against a malicious admin who has control of much of your infrastructure.

nickpsecurity8y ago

sqldba8y ago

If they leave the company, their access might be left running for a while in case they're asked to come back on and fix something during that post handover period.

Or maybe they had backups running under their account and when their account was disabled everything failed so they re-enabled it while they sorted out the mess...

Or they had multiple accounts as part of "security" and HR only knows to disable one and didn't find the other one in time.

There's a whole bunch of reasons why shit like this goes wrong. Every time. You'd cry.

kelnos8y ago

I would consider none of those to be acceptable though, and would point to a huge process failure around security at the company.

x08y ago

tajen8y ago

1 more reply

j / k navigate · click thread line to collapse