One Man, One Password, One Cell
So just how important can one person be? If they happen to be the IT administrator and they have a grudge, then perhaps the answer will scare you. In a recently reported incident, one employee locked a whole city out of its computer system - and then refused to hand over the password. Implicit trust fails once more. If that had been your company, what would you have done? In this case they threw the individual in jail and are waiting… and trying to crack the password themselves!
More to the point, what could you do to prevent it from happening? This is a tough one. Obviously you could have audit trails (but if you can’t log in, how can you find the information?), perhaps you could have a secret backdoor (not such a good idea - some cyber-criminal will find it), perhaps you could have policies and procedures (not that they help when you are locked out)… so what to do? Maybe the best thing to do is to ask your IT administrators how they would solve the problem - they will no doubt come up with a solution that would work for you and your network. If you think using this case might be a little close to the bone, then how about framing it as an ‘accident’ in which everyone gets locked out - its own form of ‘disaster’.
One Response to “One Man, One Password, One Cell”
Hello, I was looking around for a while searching for infosec role is disaster recovery and I happened upon this site and your post regarding an, One Password, One Cell : View From The Bunker, I will definitely this to my infosec role is disaster recovery bookmarks!