Open IT Forum: Security Worst-Cases

Cloud Security
Lotus Domino
Microsoft Exchange
Microsoft Windows
Open IT Forum
SQL Server
Windows Server
Have you had rogue employees deploying to the cloud without your knowledge, that is, until something went wrong? Share your worst-case experiences including how you rectified the situation. We want to hear your security horror stories to help other members and potential rogue employees avoid the same pitfalls. The best stories get 200 knowledge points as a final push in the final week of the iPad contest!

Answer Wiki


We had an IT exec who also wanted to write code, especially SQL. He would take nice compact stored procedures and turn them into a nightmare. Not only did he rewrite 75% of the stored procedures, he bypassed our content control system doing it so none of it was documented. He had procedures that would take minutes to hours to run and return very little data. We have so far cleaned up enough of his work that we can shrink our databases by 25%, remove about 9 million rows of unnecessary data, speeding up the overall performance of our database and web servers. We have since added controls that will prevent circumventing change control parameters as well. Lesson learned: execs don’t write code.

Discuss This Question: 8  Replies

  • Fork92
    Our domain admin decided that my security policies and group policies were too hard for him to update. So, instead of asking me to update them, he just stopped them from running. In less than three weeks, I had users on my network with unapproved external USB hard drives, a host of viruses and malware and a random selection of 60% of users who had various versions of software on their desktops because the GPOs weren't running.
    945 points
  • mpez0
    A certain high-end workstation manufacturer had some early (as in predating X Windows) windowing software called Multiple Exposure, or
    . Running
    would take over the console screen and put it in a window, but there would be no visual indication of that. No border, no title bar, no change. If you then logged out in that window, you would get what appeared to be a normal log out and prompt. Except that you had only logged out of that window and your original session was still running to anyone who used the correct key combination to rotate windows to background or exit
    630 points
  • CharlieBrowne
    I was a contractor for a company where their production environment was spread over 7 very large AS400 machines. We also had a few machines for development and testing. 6 of the machines contained detailed customer information for their various markets. 1 main machine had a single file with a record for each customer and it identified which market (thus which machine) the customer data resided. The market machines could contain multiple markets or a single market. A market consisted of about 25 files that could contain customer information. We had a project to move customers from one market to another. The control file was on the master machines and jobs were sent out to run over the other six moving the data, then updating the main master file.

    We were only given two machines for our testing. One Master and one machine that had multiple markets. We needed to ensure processes were completed in a certain order to ensure data integrity and, more important, to have the complete process completed in less than 5 hours.

    It worked great in test and our timings projected we would be done in plenty of time. NO BACKOUT PROCESS was allowed to be developed in case of any problems because it would have been too costly.

    Contractors were not allowed to sign on to the production machines so we could not run the process or even monitor to see how it was going. The company supplied one administrator that could sign on to any of the production machines and look up information for our use. He started the process and within a short period of time we knew we had a real disaster on our hands. There was no consistency between the 7 production boxes. The same job descriptions had different library lists and sent jobs to different job queues. Authority was different on each machine so jobs crashed on some machines but not others, or at different places in the process. We had hundreds of jobs running across the 7 machines and only one person that could do anything.

    We called management and they sent in an additional 15 contractors to supplement the 5 we had there. The USRPRF and PASSWORD for the one person that could get on the production machines was written on the white board so we could sign on and others could as they came in. THIS PROFILE HAD TOTAL AUTHORITY ON ALL 7 BOXES. It took us over 12 hours to get the machines at a stable enough point before we could let any users on the system. After that the data cleanup effort took another 2 weeks with all 20 contractors working overtime. AND WE WERE ALL STILL USING that single profile and password.

    In addition to all our time there was a substantial amount of work done by the execs and customer relations staff since we were moving phone numbers and some people got theirs switched so they were not getting their calls. This included large corps that lost their 800 numbers.

    Oh BTW, there is more to the story, but the immediate response from management was to fire as many people as they could. After a detailed document was created as to why this disaster happened (we proved it was upper management not giving us the time or resources required to do a full test), no one was let go.
    62,385 points
  • batye
    Rogue employees always think IT security is only for show. I came across - after employee termination he did continue to use the company cloud... after police got involved as he was accessing some of the HR files via cloud... I do recommend better safe than sorry... change passwords and cloud access configuration after employee termination... just my two cents :)
    3,080 points