MODULE FOUR CASE ASSIGNMENT
5 June 2011
Why do companies find it necessary to distinguish between network administration and systems administration?
The first line of defense for almost every organization is typically the system administrator. This is the person who actively interacts with the company network on a daily basis, and by extension has intimate knowledge of it. So it stands to reason that this person would hopefully be the first to notice any signs of possible compromise, would it not? Sadly, that is often not the case. Whether it is due to a lack of IT training, complacency, or laziness is anyone’s guess. Several of the company networks that I have been involved with have the same story. All of them have been compromised by exploits that have been out in the wild for some time. In other words, a patch for the exploit has been released and is available. Why then did the system administrator not go out and download and then install this patch? Surely it cannot be ignorance? A system administrator is a person with specialized knowledge. If they can successfully administer a large LAN composed of hundreds of users and a dozen servers, what is the issue then?
I’m too busy!
One possible issue is that the administrator is simply too busy. Though, as I am sure they will admit, it is easier to simply go to the vendor site and get the patch than it is to rebuild an entire machine. This is especially so if it is one of your critical servers. That also raises the question: does the sysadmin regularly check that the backups actually work? Should the worst happen and you are compromised, does your backup actually have what it is supposed to have? Nothing is worse than finding out your backup plan actually doesn’t work. It is rather imperative, I would think, that you verify the integrity of your restoration media. Few and far between are the admins who actually do check their backups, in my experience. An unacceptable lapse indeed, but a reality nonetheless.
A key theme that I have been building upon here is that a lot of responsibility lies upon the shoulders of the admin. All too often, though, for a variety of reasons, the admin comes up lacking. What do you do then to remedy that situation? For me it would be an easy fix. How about building accountability into the system administrator’s job description when they sign on with you? This to me would be the simplest solution, as it would force accountability upon the admin. Not only that, but you also hold a hammer over their heads should they not perform their duties as expected. After all, this isn’t kindergarten anymore, and we all have duties to discharge with an expected level of professionalism.
Is the admin really to blame?
So we have a problem in that time and again the system administrator has been proven to be at fault. Not only at fault, but on a matter so central to their jobs that it really does boggle the mind. Why didn’t they download that vendor patch! Anyone can harp about a problem; however, it is preferred if one also gives a possible solution. With that in mind, this is how I would go about ensuring that my front line people are indeed doing their jobs properly. After all, patching the operating system you are running is very much a system administration job.
Once a suitable candidate has been found for your vacant system administrator position, you need to go over their list of duties. This is something that needs to be written down on paper so that later on there is no room for misunderstanding. Included in this job description is that they will check the vendor site on a daily basis for any patches or other operating system information. The same should be included for any other third-party applications they will need to maintain. All said and done, that is an excellent policy to have, and furthermore is one many companies have. So why then do we keep seeing these very same companies having problems with old...