How to Spot a Rogue Systems Admin and Protect Your Data

Your admins are vital to both the functioning of your systems and the security of your entire organization. Most of them are honest, ethical, hard workers who do a sometimes thankless job without complaint. But even one rogue admin can cripple your company by locking down your systems, running off with your data, or worse. Knowing you may have a rogue administrator, or one with a tendency to go rogue, can help you remain alert to the signs of trouble and minimize the damage.

Rogue admin stories are often uncomfortable and chilling to read. They can be exceptionally difficult to track down since most organizations prefer not to reveal this kind of trouble. But they’re out there, stemming from certain personalities with a tendency to go against the grain. Unfortunately, the only solution in cases this extreme is to find a replacement – ideally before they wreak havoc.

Don Quixote – The Knight Errant

Some admins are too enthusiastic for their own good or yours. They are the most skilled and intelligent administrators on the planet – in their own eyes. These admins certainly mean well, but they feel responsible for the well-being of your organization as if no one else is fit for the job. Perhaps they are not the mad men depicted by this classic character, but their self-importance can present a problem for your business.

You can spot this admin by their extreme methods in enforcing the rules. Instead of bringing problems to management, they aim to fix them on their own without considering right and wrong. Strategic security expert Jon Herimerl details the account of a systems admin who was on a mission to lock down every bit of data in his company by less-than-ethical means. He roamed the halls looking for users who had failed to log off and left their machines unattended. When he came upon them, he permanently deleted these users’ files as a “lesson.” Finally caught in the act by a developer who was four months into a project with no backups, the admin literally received a punch to the face from the developer.

Communication is vital to helping the rest of your staff cope with an admin like this. This employee needs to tame personal crusades and instead find fixes that work within ethical boundaries. If this kind of behavior continues, it puts your business’ profitability at risk and creates an uncomfortable work environment for everyone else. If he or she can’t be tamed, this rogue admin has to go.

Joel Goodson

In Risky Business, the 19-year-old Joel Goodson managed to run an illegal side business without being caught. This personality type, the systems admin turned salesman, knows how to route traffic and change firewall rules to cover up his little side business. He may be running a distasteful website from your servers or selling off company equipment on eBay. He could even be selling consumer information to the highest bidder. That’s what help desk worker Philip Cummings did while working for a credit card processing firm, selling credit reports for $30 each to criminals. Cummings was caught when his criminal clients became greedy and stole the information of 15,000 customers. He testified against them in exchange for immunity.

Unfortunately, these types aren’t always easy to spot. They are most often uncovered when a new admin comes in and unravels the complex network changes that made the previous admin’s business venture possible. For example, Mobile Active Defense uncovered an employee running a pornography site from its servers only after a routine network scan checking for rogue communication devices uncovered the worker’s external modem.

Curious George

Some admins are just curious. They can’t help peeking into your systems when they think no one is looking. Your first clue that you have this particular admin on staff will be the occasional email leak or company plans revealed before management has made a decision to make them public. This admin can cover his tracks, but he can’t cover the gaps left in the logs that he has deleted. Keep an eye out for logs with missing time.
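One way to check for logs with missing time, shown here as an added example that is not from the original article: the script compares each interval between consecutive entries with the log's typical spacing and reports the outliers. The log format, host name, user names and thresholds are assumptions, and the sample lines are constructed.

```python
from datetime import datetime
from statistics import median

FMT = "%Y-%m-%dT%H:%M:%SZ"  # assumed timestamp format at the start of each line

# Constructed sample: an audit log that normally records an event about once a
# minute, with the entries between 09:05 and 09:47 removed.
SAMPLE_LOG = """\
2024-03-04T09:00:02Z mail01 audit: mailbox-open user=jsmith
2024-03-04T09:01:05Z mail01 audit: mailbox-open user=alee
2024-03-04T09:02:01Z mail01 audit: login user=admin1
2024-03-04T09:03:04Z mail01 audit: mailbox-open user=jsmith
2024-03-04T09:04:03Z mail01 audit: mailbox-open user=mkhan
2024-03-04T09:05:00Z mail01 audit: login user=admin1
2024-03-04T09:47:10Z mail01 audit: logout user=admin1
2024-03-04T09:48:02Z mail01 audit: mailbox-open user=alee
2024-03-04T09:49:06Z mail01 audit: mailbox-open user=jsmith
"""


def parse_timestamps(text):
    """Return timestamps in file order, skipping lines without a valid stamp."""
    stamps = []
    for line in text.splitlines():
        try:
            stamps.append(datetime.strptime(line.split(" ", 1)[0], FMT))
        except ValueError:
            continue  # blank or malformed line
    return stamps


def find_gaps(stamps, factor=5.0, min_gap_s=300):
    """Return (start, end, seconds) for intervals far above the usual spacing.

    The threshold is the larger of factor * median interval and min_gap_s,
    so a busy log is not flagged for ordinary short pauses.
    """
    pairs = list(zip(stamps, stamps[1:]))
    deltas = [(b - a).total_seconds() for a, b in pairs]
    if len(deltas) < 2:
        return []  # too few entries to estimate a typical interval
    threshold = max(median(deltas) * factor, min_gap_s)
    return [(a, b, d) for (a, b), d in zip(pairs, deltas) if d > threshold]


if __name__ == "__main__":
    for start, end, seconds in find_gaps(parse_timestamps(SAMPLE_LOG)):
        print(f"gap of {seconds:.0f}s between {start} and {end}")
```

A flagged gap is a lead, not proof: nights, weekends and maintenance windows also produce quiet periods, so compare the window against a second log source the same admin cannot edit.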

One Spiceworks community member described a management team concerned that an admin was reading their emails. When asked if he had access, he openly admitted he could access everyone’s email – and followed it by saying there was no way to stop him from doing it. Obviously, any admin with this attitude cannot be trusted and has no place in your organization. This same type of admin has no qualms about downloading his own copies of your trade secrets to sell to the highest bidder as an insurance policy for his job.

Take Back Control with HyTrust’s CloudControl

No single administrator should have this kind of power. It doesn’t have to be that way. With HyTrust’s CloudControl, you can ensure you have an eye on the people who are managing your virtualized data center or private cloud, and even put automated controls in place to prevent undesirable activity. Secondary authorization controls can ensure there is always a second set of eyes so an admin cannot give himself full control of your systems without another’s approval. This can stop a rogue admin before their plans even start.

Call us today to find out all the ways in which CloudControl can prevent admins from hijacking your data.
