San Fran Admin Takes Over City Network

A cautionary tale for any network, government or business:  The San Francisco Chronicle reported this morning that a network admin working for the city of SF has changed the digital locks on a new, multi-million dollar 'FiberWAN' network and is refusing access to anyone else, according to authorities.

He won't give up the passwords, they say, even as he's charged with four counts of computer tampering.

Though the story doesn't provide any technical details - such as whether passwords were changed on servers, network equipment, or the whole shebang - it's a scary thought for any important network.  The article says this particular network stores documents such as "officials' e-mails, city payroll files, confidential law enforcement documents and jail inmates' bookings."

These types of events are thankfully rare and most admins are generally trustworthy folks who care far too much about their professional reputations to pull anything like this. But all the same, here's a suggestion to protect your own company's network against such insider hijacks. 

Ask your IT folks to set up your monitoring system such that when critical passwords are changed, such as root on a unix server or the admin login on network equipment, the IT group, including the manager, gets an e-mailed notice. If at least one other person knows when someone suddenly begins to change critical passwords on multiple systems, you'll have a chance to head off that particular hijack before it goes too far. 

This shouldn't be a difficult move, especially if your network uses a centralized authentication server. You might be able to monitor using SNMP, or with a tool called Tripwire that can check to see when particular files change.

You can also make sure that the IT manager and staff knows how to reset the root or admin password on critical systems. Most systems should allow for doing so if you have physical access - keep the instructions for just this kind of emergency.

To comment on this article and other PCWorld content, visit our Facebook page or our Twitter feed.
Shop Tech Products at Amazon