
The O’Reilly Network system admin section posted an article about the many things that computer system administrators forget to do when it comes to security and protocol. It is a very well thought out list, including simple errors that should never happen, like:
1. Forgetting to Delete a Former User’s Account
When IBM, Novell, and HP hold seminars in the same city around the same week, you find out why you need their identity management systems. Some unnamed Fortune 50 companies forgot to delete former user accounts for five years. Those former employee accounts existed in the human resource and payroll databases, in the computer directory, address book in the SID, SAM, and AD. The vendors will say, you don’t have enough system administrators, will never find enough available, and therefore need Tivoli, eDirectory, or OpenView.
Who really knows if the workforce has enough system administrators? In my survey, system administrators complained about their workload, lack of time to plan, and a need to prioritize their tasks. I asked many if they kept a list of their tasks and few did. About 90 percent of the engineers surveyed went to work with their daily schedule in their heads. I counted that as forgetfulness.
I rarely go to the grocery store without a list because I cannot recall what I need. I forget the laundry detergent or some obvious item like vitamins. If I can’t remember 15 items on a grocery list, how do I expect to remember the things I need to do at work? I function poorly without a list.
We have to close the door when a user leaves. We also need a checklist to follow and a way to find out who left. You cannot justify leaving former user accounts active. Some things to remember include disabling the user’s password. I like to preserve her directory, since someone else may take her place. I typically move the directory and rename it. We often want to keep the contents of the old user’s directory intact.
Depending on your organization’s IT policies, you’ll want to create a list of actions to take. Remember that you need to do more than simply changing a user’s password. If this user ever had root access you might find anything from a trojan system binary to an unknown kernel module. With that in mind we can move on to Rootkits.
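The checklist described in item 1, as an added example that is not part of the O’Reilly article or this post: a dry-run shell script that compares local accounts against a roster of current staff, then prints the closing steps for each leftover login. The roster format (one login per line), the function names, and all sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (dry run). All file contents below are constructed sample data.

# List logins in a passwd-format file that are human (UID >= min_uid, real
# login shell) but missing from the HR roster (one login per line).
find_stale_accounts() {
    roster=$1; passwd_file=$2; min_uid=${3:-1000}
    awk -F: -v min="$min_uid" '
        FILENAME == ARGV[1] { active[$1] = 1; next }   # roster of current staff
        $3 >= min && $7 !~ /(nologin|false)$/ && !($1 in active) { print $1 }
    ' "$roster" "$passwd_file"
}

# Succeed if the login is a member of an admin group (sudo or wheel) in a
# group-format file; such accounts call for a deeper review of the host.
had_admin_rights() {
    awk -F: -v u="$1" '
        $1 == "sudo" || $1 == "wheel" {
            n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) found = 1
        }
        END { exit !found }
    ' "$2"
}

# Print, without running them, the closing steps for one stale login:
# lock the password and expire the account, then move and rename its home.
offboard_plan() {
    user=$1; passwd_file=$2; group_file=$3; stamp=$4
    home=$(awk -F: -v u="$user" '$1 == u { print $6 }' "$passwd_file")
    echo "usermod --lock --expiredate 1 $user"
    echo "mv $home $home.departed-$stamp"
    if had_admin_rights "$user" "$group_file"; then
        echo "# $user had admin rights: check system binaries and kernel modules"
    fi
}

# Constructed sample data and a demo run.
tmp=$(mktemp -d)
printf 'alice\ncarol\n' > "$tmp/roster"
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
    'www-data:x:33:33::/var/www:/usr/sbin/nologin' \
    'alice:x:1000:1000::/home/alice:/bin/bash' \
    'bob:x:1001:1001::/home/bob:/bin/bash' \
    'carol:x:1002:1002::/home/carol:/bin/zsh' > "$tmp/passwd"
printf 'sudo:x:27:alice,bob\nusers:x:100:carol\n' > "$tmp/group"
for u in $(find_stale_accounts "$tmp/roster" "$tmp/passwd"); do
    offboard_plan "$u" "$tmp/passwd" "$tmp/group" "$(date +%Y%m%d)"
done
```

An empty roster reports every human account as stale rather than none, so a failed HR export shows up as an obviously wrong report instead of a silent pass.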
The article also includes less obvious tips that system administrators should follow such as:
5. Forgetting the Risks of Flash Memory Drives
USB flash drives can transport large files to colleagues or a client’s remote office and access data without worrying about compatibility. You can take work home or travel with data without needing a laptop. Unlike a CD-R disk, you can edit documents or data on the flash drive directly. You can also back up files.
But, flash drives can be a system administrator’s worst nightmare. Viruses can be brought in from home, employees could make a “home copy” of a corporate software package, or, in the worst case, flash drives could be used in corporate espionage (e.g., where sensitive data like trade secrets or customer lists are stolen).
A poll of United Kingdom corporate IT managers revealed that:
* 84 percent of businesses do not have security policies to prevent employees using removable media on their networks.
* Half of respondents believe employees take unnecessary risks with critical corporate data.
* Two in five admitted to having no idea whether removable media had been used to steal sensitive corporate information.
* 85 percent of firms said that their employees use removable data devices throughout the company, transporting data between the office and home.
Also, as if people need to be reminded:
7. Forgetting Courtesy
I wonder how many times this comes up. A month ago, a young lady in our office attempted to move a large conference table. The CTO and I made a valiant attempt to help her. We failed. The table weighed too much for us to move. The CTO looked around and asked two of our IT guys to help. You might think that they would have jumped at the chance to please the boss. The IT guys gave us the Muhammad Ali look. The young lady and I simultaneously uttered, “Don’t ask them.”
I had just joined the company and couldn’t believe the stories I heard. The troublemaker came out in me and I went to my immediate supervisor to ask if the support people from the IT department really cast an evil eye when someone requests help. He answered in the affirmative and asked, “Aren’t all IT guys like that?”
I understood the sour attitudes exhibited by our busy admins. I pulled weekend all-nighters many times. Fortunately, during my early days in help desk and call center training, someone instilled in me the need for a smile and a helpful attitude no matter how many hours of sleep I had. Courtesy and diplomacy became the hallmark of my work ethic.
Now, I said I have this troublemaker side. So, I wrote up a generic job description of technical support personnel. I put the description together from several job requirements listed on Monster and Dice job boards. I then presented it to my boss and made sure to read it over with him. Soon afterward, I saw a closed door and heard something like computer parts smashing against walls. The IT guys came out of their office looking ready to remove my head. They marched to the data center and didn’t come out for a week. But a funny thing happened when they emerged from the data center; they had cooled down and both gentlemen apologized. They became models of courtesy.
I began asking people in other divisions within our company if their IT people acted like jerks. I learned we hadn’t cornered the market of system administrators in need of anger management training. Somewhere along the line, a sour disposition took hold, and it never changed. It happens a lot in our world.
If you want support from management, consider remembering that the user you offend today could wind up on the board of directors. Regardless of that possibility, system administrators should always remember that their clients are internal and if you want to keep your job, be good to your clients.
The rest of the list can be found here.
May 4th, 2007 at 5:38 am
I have to disagree with #7. Those who work in an IT department are already hurting to serve hundreds if not thousands of employees. Employees generally treat IT badly by demanding things have to be fixed and THEIR stuff is more important, so when thousands of people say this at the same time, we have to take our time away from people who went through due process and logged a ticket. IT’s time is valuable and employees are give an inch and take a mile. So yea, if an employee comes down demanding their printer be fixed ‘RIGHT NOW’ then yea, everyone is looking at them like, ‘Well, did you submit a ticket? I’ll bet you didn’t.’ And you know what, 9 times out of 10 after their printer is fixed they’ll come up with another problem they’ve been having. I’ll admit when IT screwed up and be happy to fix a longstanding pattern, but it’s employees grandstanding and blackhole help attitudes that make IT a frustrated bunch. So yea..don’t ask IT to move a stupid table..there’s a department for that - it’s called facilities or maintenance. Evil eye when someone asks for help? Yea, there’s a process for that - submit a ticket. I’m tired of hearing people bitch about how mean IT people are. We aren’t mean, there’s just a process we have to go through before we can just drop everything we are doing for great employees who do follow the process, and give that time to employees who don’t follow process.