This is cache of http://feeds.feedburner.com/~r/itsecurity/~3/394542854/. Cache is the snapshot of article that we took when we index feed.
To see original page click here.
We are not affiliated with the authors of this article and not responsible for its content.
Admins More Powerful Than Hackers
2008-09-16 13:10:29 by Editor in IT Security - The IT Security Industry's Web Resource
 

Do you trust your admins? We hope so.

The case of Terry Childs, the former San Francisco City Systems Administrator, is a good example of why you should be careful — Childs held the network hostage by withholding passwords and setting up a rogue access point. However in the court case, a supposedly expert witness testified that Childs posed no danger because the city could lock him out with simple steps.

Unfortunately, as Ira Winkler at RSA says, it’s not that simple –

…an administrator with a grudge can cause infinitely more damage than a “computer hacker” could ever dream of.

Given that Childs had his job for years, and purposefully kept a wide variety of critical network information from everyone else, it is impossible for them to lock him out of the network with “simple steps”. Of course soon after Tygar [the expert witness] filed his “expert” report, they discovered the rogue access point.

Read the full commentary here.

 
Tags: childs, terry childs, network, childs posed, critical network information, simple, simple steps, careful childs held, rogue access
 
 
 
 
 
SecurityRatty FAQ
Sergey Zarubin, 31yo
CISSP, CCSP
Moscow, Russia