Ask the Expert

What defenses can prevent the hijacking of a city's fiber network?

A systems administrator recently tried to take over a San Francisco FiberWAN network, hoping to avoid losing his job after receiving a poor review. What were the flaws in the city's network, and what kinds of controls can help prevent this type of hijacking?


According to multiple media reports, Terry Childs, a senior network administrator for the city of San Francisco, recently caused a stir by refusing to allow his supervisors access to the city's fiber network. Before looking at what the city should have done differently, I think it's important to point out that there is still considerable debate as to Childs' intentions, and it's premature to state that he was "hoping to avoid losing his job after receiving a poor review."

That said, it is clear that Childs managed to create an environment in which he was the only individual with administrative access to critical network devices. This is a good example of someone misusing the powerful credentials provided to an administrator, and an organization either not setting -- or not enforcing -- security policy that prevents this type of single-person control.

An enterprise should take two steps to ensure it doesn't fall victim to the same type of ransom attack that Childs perpetrated on San Francisco. To start, create an access policy and verify that administrators are following it. It's inexcusable for a system administrator to possess the only administrative password to any type of device and not have provisions to share it with others. What if Childs were incapacitated or otherwise unable to return to work?

There's one common practice I've seen in many enterprises, and it's fairly low-tech: administrators simply write the password on a piece of paper, seal it in an envelope, sign the back of the envelope and place it in a safe accessible to management. In the event of an emergency, management can retrieve the password from the safe. Administrative passwords are automatically changed after any such use. To ensure that administrators are following this policy, management periodically selects a random sample of systems, retrieves the passwords for them from the safe and attempts to log in to the server, confirming that the password is accurate.

This was first published in December 2008.
