My System Environment

Posted March 28th, 2007 by

When you sit down and think about it, I have a really neat user community.  Since we’re an IT services company, all of the users on my back-end infrastructure are IT architects, engineers, or operations.  That means that they are all system administrators in one way or another.  My challenge is to keep track of all these sneaky people, which is different from the usual unskilled user community, where it’s a case of “you clicked on what link and now none of your applications work?”.

We used to have this very talented network administrator working in the NOC.  Not only did he know networks, but he was CISO-savvy.  When he wanted to change something on our core switches, we played a little game that went something like this:

Me: So what VLANs are you going to change?

J: I’m going to connect switch A to switch B and trunk over VLAN 25.

Me: So what is that VLAN used for?

J: It’s a NOC server VLAN.

Me: And what else is connected to switch B?

J: Some other switches.

Me: And what is connected to those switches?

J: Stuff.

Me:  And what would “stuff” entail?

J: Some routers.

Me: And what do those routers connect?

And we would go on like this for a couple of minutes until I felt comfortable with most of what was going on.  The funny thing was that most of the time he was up-front with what he was doing, because he didn’t want to do anything bad, either.  It’s when he started to get non-detailed that I knew something was up.

Now the fun part of this is that I have 200 people like this to contend with.  It sounds worse to say it than it actually is, but it’s one of the threats that I live with.




Posted in Odds-n-Sods, Technical, The Guerilla CISO

CISO Trick: Know the Hiding Places

Posted March 27th, 2007 by

In my somewhat hazy job description, there is one additional duty that I have absorbed:  limited asset management.  As I tell people all the time, I’m not an asset manager, but I become one when I have to.  For example, I spent an entire month last year doing equipment inventories.  Not a thing to be really proud of, but at the time asset management was one of the chief risks that my organization faced.

My CISO trick for the week:  Know where the engineers hide the excess equipment.  Every NOC, SOC, and data center has a place where, when equipment is missing, you can go and find it.  In the NOC, it’s the closet in Eric’s office where he now has 6 managed switches and some other networking gear.  In the SOC, it’s their half-rack worth of lab equipment, including some spare firewalls and IDS sensors.  In the data center, it’s the top half of rack 1-2 where the engineers put equipment and lock it up so it won’t walk away.

Point is, most organizations have these hiding places, and it’s almost an unwritten duty description to find them.  Don’t point them out as I just did, but keep them as your little secret and when you need to either find something that is missing or absolutely need a piece of equipment, you can go check the usual places and see if you have one on-hand that is not being used.

Last week I told one of our projects that they could not open up some services across the Internet until they designed their connections right with a DMZ for the Internet-accessible servers.  We left the conversation with a logical diagram to build from and the need for a firewall and a small switch: loaner equipment to get them up and running right now, which they could replace with their own when they ordered replacements.  10 minutes later, the project team had a PIX and an older Catalyst, all culled from hiding spots.

One final thought for today:  I call these places “Mike’s Happy Hardware Hunting Grounds”. =)




Posted in The Guerilla CISO, What Works
