San Francisco's computer access nightmare

Interesting…that was my thought exactly when I first read the story:

It’s really not all that difficult to break into a CISCO box if you have physical access. The procedure is pretty straightforward and doesn’t take all that long to accomplish. Sure, there would be a disruption, but if they need their network to be up 24/7/365 then they probably need to make sure more than one person has the freaking password (I know it’s an apples to oranges comparison but sheesh!).

ETA: This part is interesting.

Again though it would be easy to simply break into the box directly and circumvent the local authentication…hell, once you use the password workaround procedure you could blow all that crap away if you wanted to.

-XT

Well, there were rumours that he’d not saved the running configurations to flash.

I do not know of a Cisco password recovery procedure that does not involve a reboot, so you’d have complete access - to a blank router. Not a good thing for a production network. Incidentally, IOS 12.3 sports something very much like this as a feature (“no service password recovery”). You can still break into the router with the usual <CTRL>-<Break> during boot - but it will erase the startup configuration before the console gives you access.

If no one has backups - or if the backups are of unknown quality, which is almost as bad - I can see why the mayor had a talk with the guy. Breaking in may or may not work, but the risk of failure is pretty darn high, and the consequences could be pretty bad.

I expect the post of CIO for San Francisco to become vacant Real Soon.

Yeah, just saw that:

I’m trying to be as generous as the writer of the article linked to earlier but…this guy and I would seriously be butting heads over this. The guy sounds like a nut, and CCIE or no CCIE there is no way I would have let his security policies (such as they were) stand.

From the article it seems he must have had a TFTP server out there somewhere with the configs on it that he was reloading (manually) in the event of something like a power failure. Crazy. And he also disabled (though I’m not sure how…must be a physical dip switch or something like that in the router/switch) the password recovery procedure so you couldn’t use control/break during IOS reload.

Very bad. It’s, simply put, stupid to rely on one person this much. I can understand why the guy wanted to ensure that no one screwed with his config, especially if he was the only one who really understood how it all works (which is stupid as well, though I’ve known a lot of IT engineers who play this game), but that’s what change control procedures are for. There is no excuse for this lash-up of a system…though I don’t put all the blame on the engineer. The admin types were as stupid as (if not worse than) he was for allowing this to happen.

According to the article they have replaced him already. I wouldn’t want to be in the new guy’s shoes, personally. They couldn’t pay me enough to take over what seems like such a complicated system with little or no apparent documentation. Also, there is no way I would put myself in the same position as the sole engineer responsible for every aspect of the infrastructure…that position requires a staff, not a single engineer, even if he is a CCIE. No way I’d be on call for everything 24/7/365…they couldn’t pay me enough for that.