The city of San Francisco’s IT department is certainly not the exception when it comes to allowing just one person to have unfettered rights to make password and configuration changes to networks and enterprise systems.

In fact, it’s a situation fairly common in many organizations — especially small to medium-size ones, IT managers and others cautioned in the wake of the recent Terry Childs incident. Childs, an employee working for San Francisco’s IT department, used his privileged access to lock everyone out of a crucial network for days.

A network administrator working for San Francisco’s IT Department of Telecommunications and Information Services (DTIS), Childs was arrested on July 13 for allegedly tampering with the city’s FiberWAN network. He is also alleged to have planted network devices that enabled illegal remote access to the FiberWAN network, which carries almost 60% of the city government’s traffic.

He was jailed on $5 million bond after refusing to divulge the passwords he had used to block access to the network. Childs pleaded not guilty to the charges against him at a hearing in San Francisco Superior Court last week and asked for his bail amount to be lowered.

At a bail hearing Wednesday, a San Francisco Superior Court Judge refused to lower the bail, even though Childs in a dramatic move earlier this week disclosed the passwords to Mayor Gavin Newsom in a jailhouse meeting. His next hearing is scheduled for September…

Source: ComputerWorld

Tags: , , , ,