RAID and Backups

January 3rd 2009

A recent Handler’s Log on the SANS Internet Storm Center spoke of the demise of an early blog site called “Journalspace.com.” Evidently their disaster recovery strategy consisted of maintaining a mirrored RAID system.

I’ve written quite a bit about how mirrored RAID is a fundamental part of my disaster recovery strategy. However, the Journalspace people apparently skipped an essential step: they relied solely on their on-line data and didn’t keep an off-line (preferably off-site) backup.


Posted under Household Tech & Security

Bad attitudes versus malicious administrator

July 18th 2008

The San Francisco story is sounding more like a techie’s personal tragedy and less like terrorism or hijacking or a ransom thing. Paul Venezia was contacted by someone in the IT department who knew Terry Childs, the “rogue admin.”

Apparently Childs is a highly talented admin who is obsessed with his network. If the anonymous source is painting an accurate picture, then it’s just an unfortunate combination of limited social skills on his part and hysterical overreaction on the part of his managers.

Posted under Security

Fixing the Insider Threat: Separation of Duty

July 18th 2008

It’s not an easy fix because it requires planning ahead, discipline, and effort. But it’s essentially why banks can hire low-wage tellers and not worry about theft at the till (or at least not as much).

San Francisco has lost control of their FiberWAN. It’s not clear how much this affects day-to-day operations, since the city appears to still be working. And that in itself is a tribute to separation of duty.


Posted under Security

The nightmare scenario of an insider attack

July 15th 2008

The City of San Francisco has just suffered what sounds like the nightmare scenario of an insider attack on their computing infrastructure.

The ‘disgruntled employee’ who reportedly was ‘disciplined for poor performance’ had enough access to critical system components to give himself exclusive control of the infrastructure and apparently lock out other administrators. The system is said to still be running, but administrators have little control over it.

So what’s the lesson here?


Posted under Security