help...thoughts...ideas....trust in network admins?

[Anghang]

i'm writing a paper on why you can only put so much trust in the network administrators' hands for a network...from the work i've done, its mostly the admins that are leaving the holes open to attackers...creating shortcuts, backdoors, etc. thinking they're the only ones that will know about them...from what i've seen, their reasons are usually to:

1. provide emergency access
2. have a "just in case" method (ie. just in case i get fired)
3. make life easier

i'm trying to get the point across that security must be stressed just as much as functionality...

does anyone have any ideas or other reasons i can tack onto my paper?

or know where i can get some security incident statistics that show the attack source percentages? (employees, script kiddies, etc)

TIA

 

[Linflas]

You may want to take a look here and see where it leads.

 

[Sketcher]

Anghang You're poorly generalizing a wide ranging scope of responsibility regarding a specific topic.

Certainly there are significant and glaring issues, but if you're responsibly writing your paper - you'll not only wax eloquent the security issues that compromise a network, but the effectiveness of the proper implementation of security methods as well.

A problem with security incident statistics, is that most of the statistics do not encompass environments that are secure. Further, those who successfully implement a secure method within an environment, typically aren't given to allowing statistical analysis to count them as a target.

You are right in a relative sense however, many network environments are loosely secured. The more functionality added, the more issues that need to be addressed from a security standpoint.

Though it should be a Network Admins top priority in most environments, often - the level and effectiveness of a Security Policy and implementation has to do with company directives, budget consideration and just how much a company wants to spend on locking things down, testing access and functionality. Many companies consider IT and IT Security in particular to be one of the last concerns for budgetary spending - that is until something happens that makes "Security" a real issue to those who make the big decisions.

As far as an Admin "creating" a insecure environment by allowing backdoors, "admin access" icons, whatever - that's just plain irresponsible - but it shouldn't be indicative of the norm.

When you've completed your paper, or have a rough draft - please post it here. I'm sure you'll receive plenty of feedback from the Admins and Advanced Techs here and even be able to gather "real world" information with which to better write your paper prior to turning it in. I'd recommend posting in the Networking forum though, as most of the Admins would be hanging out there.

Unless that is, you're just ranting to put a bad light on Admins or stab a personal point. Either way, you really should do more than just ask for points to "tack" on to your paper or google cut/paste statistics into your work.

-Sketcher

 

[Anghang]

Originally posted by: Sketcher
Unless that is, you're just ranting to put a bad light on Admins or stab a personal point. Either way, you really should do more than just ask for points to "tack" on to your paper or google cut/paste statistics into your work.

not ranting, just trying to convince upper management that although functionality is important...security is just as important...

kind of a checks and balances deal...how not one person just issues the check, but a process of request, sign and then issue...done by different parties...

 

[dirtboy]

If you need emergency access, hook up a VPN or have a dedicated dial-up line installed.