Sharky

Shark Tank

Well, somebody's now a lot less secure

This organization's IT security officer leaves and isn't replaced. "A year and a half goes by and the organization suffers a Web page defacement," says a pilot fish on the scene. "During the course of the remediation, another server that has a couple of Trojans on it is found." 

That's not really a big surprise. Since the infosec guy's departure, the CIO has repeatedly demanded that ports be opened in the firewall, external connections be made to servers bypassing the firewall and servers in the DMZ be connected to internal servers.

The support manager objects every time -- and is always overruled.

"Worse, support isn't part of the process of selection or meetings with potential vendors for the new Web services," fish says. "Support only finds out about the requirements when they are directed to create the holes."

And by then, there's never been time left in the schedule to do anything except open up yet another hole in the antiquated firewall, which the CIO has also refused to upgrade.

And the intrusion-detection system? It's not working -- and there's no budget for fixing it because, despite the support manager's objections, the CIO wants to spend money on noncritical enhancements he's promised to the business side.

But with the Web site defacement, it's clear something has to change. The support manager and his team determine that the two main casualties of the attack are the Web server itself and a database server with one of those firewall-hole setups.

The problems that clearly need to be addressed are the holey firewall configuration and the nonfunctional intrusion-detection system.

"The CIO's solution? Make the support manager the security officer," reports fish. "This is, of course, the same person who isn't invited to the meetings and whose objections are ignored.

"The CIO's pep talk about the new position: 'I need someone who will challenge me. I had some knock-down drag-outs with the old security officer.'

"Great -- anyone have a two-by-four?"

Sharky hates violence, so do me a favor: Distract me from the mayhem by sending me your true tale of IT life at sharky@computerworld.com. You'll get a stylish Shark shirt if I use it. Add your comments below, and read some great old tales in the Sharkives.

