Anton Chuvakin is not an idiot

I remarked on a blog post by Anton Chuvakin a little while ago, discussing his apparent anti-admin stance. His post in response is quite entertaining, and no, he's not an idiot. His points on logging and auditing are spot on. If I had a dollar for every syslog server I've installed, or every time I was heartily thankful that centralized logging was running, I'd... well, I think I do have a dollar for each one of

I remarked on a blog post by Anton Chuvakin a little while ago, discussing his apparent anti-admin stance. His post in response is quite entertaining, and no, he's not an idiot.

His points on logging and auditing are spot on. If I had a dollar for every syslog server I've installed, or every time I was heartily thankful that centralized logging was running, I'd... well, I think I do have a dollar for each one of those. Anyway, to me, this isn't the issue. Good admins log. Great admins log paranoiacally. Bad admins don't bother. His point on the "bus test" is fairly accurate too:

"it is an unacceptable risk for all but the smallest organizations to have one person who have the power to control access to critical systems AND to place no controls (neither monitoring, auditing nor preventative) on his activity."

However, it's highly unlikely that an organization in that kind of situation would have the wherewithal to implement logging and auditing without the help of that "one person", who could obviously circumvent the process whenever they liked.

It wasn't those stances that rankled me, it was the "start logging and monitoring (and then controlling) their actions!" quote. When management starts controlling the actions of admins, things start to fall apart. When admins become automatons that will do whatever management thinks is best for the network or infrastructure without question, problems appear like magic.

There's a divide between a request and reality. This is true in just about any profession, but in IT, it seems to be taken to another level. Perhaps it's human nature -- non-technical people tend to think that because they're familiar with computers and can send an email, that they have some kind of deeper knowledge than they do. They wouldn't think this way of their doctor, but they will of their IT staff. After all, they both sit in front of monitors every day, right? Oh, and this isn't a just a small business or enterprise problem, this crosses all boundaries.

It's pretty simple, really. Management needs to make business needs clear to IT, and then trust the IT admins decide how best to make that happen. If they can't trust the admins, it's time for either new admins or new management.

Mobile Security Insider: iOS vs. Android vs. BlackBerry vs. Windows Phone
Recommended
Join the discussion
Be the first to comment on this article. Our Commenting Policies