Totally Secure Network



  • I've posted before about my company's IT support services vendor.  They are the ones responsible for things like using default UPS passwords and this work of post-modernist art.

    They are also responsible for all Windows computers in the company, and should be monitoring them, setting them up, installing updates, and so on.

    One day my phone (both my office and cell) began ringing like crazy, and people were running up to my desk - all across the company people had lost email access and were locked out of their accounts - but not everyone had this problem.

    After a lot of scrambling around, we were able to determine the cause:  some kind of virus that infected Windows computers was attacking our Active Directory server (which controls, among other things, email server authentication).  The virus was flooding the server with authentication requests, causing the server to lock out accounts at random.

    This prevented legitimate authentication requests from validating, as accounts were locked out.

    These things happen, of course.  But then I was told that the virus was only affecting PCs without anti-virus installed on them.

    WTF!?

    I thought the very expensive IT services vendor, with their very expensive computer monitoring network and software, was responsible for making sure that all PCs had anti-virus installed and active.

    It seems that this was just another little thing that they let slip through their fingers.

    I wish I could get paid $250 an hour for doing this quality of work.  I certainly get paid a heck of a lot less to fix it.

    No surpirse - they're sending someone out (at our expense) to make sure everything is "all clear".

    So far all these little incidents and outages have been caused by random failues and stupidity.  But the day someone with actual malicious intent gets in the network, there's no telling the damage they could do.

    My requests for a more sophisticated network monitoring system have been denied.

    The vendor assures us that their software is adequate.

    I'm keeping my CV at hand.



  • Wow.  That sounds like something they should be paying you guys for, not the other way around.


  • Discourse touched me in a no-no place

    In your situation, I'd not only have a CV at hand, I'd be actively looking, and by actively looking I mean calling a recruiter and telling them "Get me out of here! Now!"



  • @KrakenLover said:

    So far all these little incidents and outages have been caused by random failues and stupidity.  But the day someone with actual malicious intent gets in the network, there's no telling the damage they could do.

    Given the poor state of security there, how do you know it hasn't already happened? It's entirely possible someone has been in and out of your network and was never detected!



  • @dcardani said:

    Given the poor state of security there, how do you know it hasn't already happened? It's entirely possible someone has been in and out of your network and was never detected!
    Exactly.

    We don't have any way of knowing, really.  Unless the intent of the intruder is to do something drastic like change the power supply settings on our UPSs or wipe all the data from our various servers, there's no way to tell whether or not there is someone unauthorized in our network.

     


Log in to reply
 

Looks like your connection to What the Daily WTF? was lost, please wait while we try to reconnect.