On-line Opinion Magazine…OK, it's a blog
Random header image... Refresh for more!

Another Media Outlet Goes To Work

Via Marcy Wheeler, an NBC report system security at NSA.

If you are one of the 1000 system administrators, most of whom seem to be contractors, you don’t need to hack anything, because you aren’t tracked. The sysadmins can use other people’s accounts, and have access to everything on the network.

I have better security on my home wireless network. The people at the top need to be fired over this. This is rank incompetence.

8 comments

1 Badtux { 08.28.13 at 1:19 am }

I worked for a startup that was one of the Silicon Valley’s most spectacular crashes. As in, went through $80M in eight months time. But the one thing we did right: Our sysadmin was one of the first ten employees of the company and had major stock options. He was also one of the last ten employees of the company. Because the sysadmin is God. He is the person who sets up the audit systems and monitors them. He is the person who *has* to have access to the bare hardware in the IT center, because he’s the guy who actually plugs the wires into it to make it work. He is *not* the guy you want to hire on a temporary contract… that’s a recipe for disaster, he has to be loyal to the company, or the whole ball of wax is done.

Google’s sysadmins are extremely well paid full-time employees. They also work in teams where there are at least two people working on any project at any given time, with the implicit notion that if someone goes rogue, someone else on his team will catch him. There have been zero — no — instances of Google intellectual property “going rogue”. The closest would be when we reverse-engineered some of their Big Data algorithms from the contents of some of their presentations at seminars, but that was people presenting information that had been vetted by their superiors, not inadvertent leaks.

The whole way the NSA is currently set up with system administrators as contractors is a recipe for disaster and no way, no how, can it ever be secured. Just sayin’.

– Badtux the Sysadmin Penguin

2 Bryan { 08.28.13 at 10:55 am }

There should be one sysadmin in overall control of the entire system, and that individual should be monitoring what the other sysadmins are doing. Watching 1000 people is what Colonels do in the military, this is a regiment of sysadmins. You can’t have 1000 people able to change everything in the system and expect to keep it running.

This ‘system’ makes no sense structurally, or from a security stand-point. They obviously didn’t read their own ‘best practices’ material on networks.

3 Badtux { 08.28.13 at 12:44 pm }

There can’t be “1” sysadmin in charge of everything, what if he gets hit by a bus. I’ll tell you how a certain Fortune 5 company does things. There are 16 people who are God who oversee their billion-dollar computing center infrastructure. This is so that they can have around-the-clock coverage. They work in four teams of four people apiece. All tasks in a team are supervised by every other member of a team, each member of a team is expected to know what every other person on a team has done during the course of a shift so that the current state of the infrastructure is known. A handoff is done at shift change with a report on what was done given to the next shift.

Now, there are literally hundreds of project teams involved in managing pieces of their IT infrastructure (each of which are also four people). None of those people have God access. They are given access to what pieces they need access for in order to accomplish their project, and if it’s especially critical infrastructure, they need to get permission from the CIO before touching a piece of infrastructure and it is only for a very limited time before that permission is revoked. No single person works alone. There is always someone looking over their back.

You’d think this was a really bad place to work, but it isn’t. They have very good employee retention rates and the workload is fairly sedate. They make sure to hire good, but not brilliant, people who enjoy working in teams, and get good work out of them. Some criticize them for not innovating beyond what’s needed to keep their Fortune 5 company out-competing its competitors, but that’s not what they’re about — they’re about out-competing their competitors, not about flash and glamour. And it works for them.

This company’s IT management strategies are widely acknowledged as being the best in their industry. *NONE* of their core system administrators are contractors. *NONE* of the project leads are contractors. Project teams are allowed to hire contractors if they cannot do all the work, but the contractors are always accompanies by a member of the project team and are *never* given access to any of the infrastructure. To get access to even a small piece of the infrastructure such as a contractor repairing hardware that has gone down, the request has to be forwarded all the way up to the VP level, that’s how tightly they hold it. They much prefer removing the faulty gear from their infrastructure to their R&D lab and having the contractor repair it there while a spare piece of equipment from their R&D lab takes the place of the gear that went down.

And that’s how the professionals do it. What the NSA is doing… that’s just clown college. No, correct that — that’s an insult to clowns. Sigh!

4 Bryan { 08.28.13 at 1:26 pm }

Badly stated on my part, as I assumed 24/7/365 coverage which obviously requires more than 1 person. What I meant was a single central authority from whom all access flows, and who watch what is being done at the next level down, like the system used for launch control teams for missile silos [it isn’t easy to launch an ICBM because a lot of people have to agree it’s a good idea from the President on down].

Reading about this while remembering that we couldn’t use electric typewriters when I was in because it might be possible to detect the signals sent from the keys to print mechanism through 12-inch ferro-concrete walls that had grounded metal screening on the inside and then a sound-proof layer before the sheetrock was installed. I have no idea what the difference was supposed to be from those signals and the signals used by the Teletype 33s that were used in the Comm Center.

The same lack of security has reared its ugly head in the nuclear weapons storage procedures. The old system has just collapsed, apparently in the rush to make the military more like a business and to cut costs. 😈

5 hipparchia { 08.28.13 at 7:33 pm }

The old system has just collapsed, apparently in the rush to make the military more like a business and to cut costs.

😈 indeed.

😉

speaking of old systems… not that this is actually related to anything, but i got a kick out of it:

http://longstreet.typepad.com/thesciencebookstore/2013/08/a-note-from-the-future-a-computer-needs-questionnaire-from-1953.html

6 Bryan { 08.29.13 at 12:11 am }

The equipment in the pictures pre-dates even me, although I’m familiar with the terminology. I do remember ‘nixie tubes’, the device with the glowing number, because some of the Air Force equipment I used still had them for the display. They were vacuum tubes with wire numbers inside. They glowed orange when a voltage was applied to the appropriate pin on the base.

7 Kryten42 { 08.29.13 at 2:35 pm }

Oooh! I remember Nixies! 😆 I even used them once, in College doing my COT (Cirtificate of Technology, basically a Grad Dip).

Speaking of *OLD* Tech… I came across this at the online University of California Library (The California Digital Library). I like it there, they have a lot of really cool publications online, some you can’t easily find anywhere else! And with a nifty Java eBook reader. 😀 Anyway, I saw this, and thought of you m8! 😉

How to Foretell the Weather with the Pocket Spectroscope (1884)

Apparently, it works (though how well, I guess you’d have to try it to find out). 😆

PS> You can download the book as a PDF or ePub, click on the “i” (info) icon at the top. It also has a text-to-voice feature. 🙂

8 Bryan { 08.29.13 at 11:01 pm }

I would guess the the barometric pressure would affect the atmospheric filtering of sun light which would alter what was seen in the spectroscope. If calibrated to a real barometer you would get a good idea if the pressure was increasing indicating generally clear skies, or if it was falling indicating inclement weather.

You could probably get a good feeling for the humidity in the air in the same way.

I still think I’ll stay with recon flights and satellites when it comes to hurricanes. 😉