Munchausen by proxy

I've met many network admins that consistently refer to their network -- or at least the portions under their control -- as if it was their only child. This really isn't much of a stretch, since they've poured hours and hours of time into the design and operation of the network, and can sense when something's just not right although no overt problems seem to exist. These admins are the ones to cherish and rewar

I've met many network admins that consistently refer to their network -- or at least the portions under their control -- as if it was their only child. This really isn't much of a stretch, since they've poured hours and hours of time into the design and operation of the network, and can sense when something's just not right although no overt problems seem to exist. These admins are the ones to cherish and reward, as their mindset can only lead to a healthy and successful infrastructure. But the anthropomorphism doesn't always stop there.

There is a relatively rare but shocking human condition called Munchausen by proxy. The basic concept of this disorder is that normal adults will deliberately exaggerate, exacerbate, or even completely create physical or mental health problems in others for personal gratification. The translation here is all too obvious.

For an admin that knows the network inside and out, the creation of a problem that only he can fix provides the reward desired, whether that be a glimmer of awe in a coworkers eye, public recognition, or even a raise by a thankful boss. Some of this desire is fueled by the perceived lack of job security, with artificial problems and remedies seen as a way to prove their worth.

Unfortunately, most infrastructures don't have a good way to track admins. Admins are trusted individuals, and it's common to have root and Administrator accounts available to multiple people, rather than the use of privilege elevation for admin accounts. This permits nearly untraceable root-level access to systems. A few layers down, the lack of TACACS+ or RADIUS authentication on network devices forces admins to use the same local accounts on switches, routers, and firewalls, again obscuring the actual mind behind the keyboard when changes are made.

In some respect, this moves into a discussion on change management practices, but larger organizations have likely implemented individual user accounts already, even if they have not implemented a full change management protocol. Smaller companies are definitely more at risk, as it's less likely that any of these measures are in place.

While I certainly don't think that this form of internal sabotage is commonplace, I've seen a few too many inexplicable problems occur on previously solid infrastructures with equally inexplicable remedies to think that it's not possible. In those instances, whoever, absolute proof was simply not available due to the lack of logging and audit trails.

Remember that especially in a small and midsize company, the IT guys can see and do everything on the network -- always assume that. Therefore, they need to be some of the most trusted employees at the company. If there's an abundance of odd problems followed by miracle saves, it might be time to call in some help. At the very least, be sure that even root-level access has an audit trail, and that individual accounts are used wherever possible. A problem like this is definitely worth the ounce of prevention.

Mobile Security Insider: iOS vs. Android vs. BlackBerry vs. Windows Phone
Recommended
Join the discussion
Be the first to comment on this article. Our Commenting Policies