Home > Sysadminery > When security takes a backseat to process…

When security takes a backseat to process…

We are currently going through an ITIL implementation.  It’s had it’s ups and downs and philosophically I don’t really believe in it (certainly not in our implementation), but it’s had a few successes and a few failures.  Without droning too much about it, to make any ‘production’ change you have to file an RFC that gets reviewed by a management team.  There is a relatively recent DNS attack that involves using root zone recursion to DOS a target server.  We’re vulnerable to being used in this manner.  It really doesn’t affect us much  as that our servers handle the requests fine, but we’re assisting in a DDOS and that’s not good.  For us the fix is pretty straight forward, because of some historical decisions we have to allow recursion for certain ips, so I need to segment things off into a tighter view and eliminate recursion there.  This is a  pretty straight forward change and one that I would do without a second thought (after testing).  Due to our current climate of process I have to file an RFC, which is fine, I’m not real happy about it but I’ll live.

However my RFC was denied not because of any technical reason, not because of any concern over the technology, the implementation, or the timing.  It was denied because I didn’t put the correct information into the details page and because my dates were wrong.  I’m all for doing process right (when it makes sense), but does it make sense to derail a security fix for 4 days because the form was incorrect?  Especially when there exists a forum in which you can be asked to clarify anything regarding your RFC.

Now when security takes a backseat to process, your organization has truly begun the decent to failure.  This may indeed be the straw…

Categories: Sysadminery Tags: ,
  1. February 16, 2009 at 1:36 PM

    Uh did you get that memo? Yeah. You see, we’re putting the coversheets on all TPS reports.

    Yeah. If you could just go ahead and make sure you do that from now on… that would be great.

    (Need some hypnosis there, Stick?)

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: