How big is your company? Do you have a security group that
doesn't report through the CIO? This is almost certainly unacceptable corporate
exposure that your CIO really doesn't have the right to expose the company to
on his own in my opinion. This is the kind of thing that I would certainly
really push up the ladder hard and would be willing to be terminated for.
However, it completely depends on your feelings on the matter. Is it something
you would quit over? If not, then it probably isn't something you would want to
be fired for and making a stink of it other than simply reporting it to your
direct manager is probably not what you want to do.
In your shoes, I would consider locking down the traffic
from that address or range of addresses with ipsec or something else under my
complete control and report it to my management and security to make a call on
what the next steps were. If your company is so small that the CIO is directly
tasking you, I expect you don't have a separate security group and you may have
very very little recourse other than to talk directly to the CIO and
explain the risk he is putting the company in (he told you what to do directly,
IMO, that gives you the right to question and explain why you think it isn't
right). If he still says full speed ahead, say damn the torpedoes and go with it
OR throw up the white flag and move on to bigger and better things. Again, if
you don't have a separate security chain, there is a good chance that you have no
leverage to fight so you could never "win" so the battle is not very appealing.
Another way of looking at this is if something bad happens,
whose ass is up on the firing line? If it is mine, I certainly would make it
very clear how bad I thought this was so my rebuttal at the time of the decision
to fire or not is "I told you this was stupid". Then again, I am very much about
doing the right thing and have enough job security that I am not overly upset
about losing a crappy position.
As the others said, that AD and that company isn't yours.
But, IMO, it is your job to make sure you speak up when things are not done
properly. If not, you are admitting that you were simply hired to push buttons.
Our jobs as admins are to help our management make good decisions
and recover from stupid ones as well as implement all of them, smart or
stupid.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Douglas M. Long
Sent: Friday, August 19, 2005 11:38 PM
To: [email protected]
Subject: [ActiveDir] Kinda OT: Advice welcomed

Here’s a question for everyone: Your CIO decides it is cheaper to host an
application remotely at a site that you know nothing about (and for that reason
do not trust). He then decides on his own that he will just tell the network guy
to open port 389 to one of your production DCs without consulting, or even
mentioning it to you or anyone else that may have something to say about the
security risks. Then he asks you to create a test user account for a junior
admin to test with, and gives the remote site the username and password. What do
you do?
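The lockdown joe suggests (restricting the opened LDAP port to the remote site's addresses and putting it behind IPsec under your own control), as an added example that is not from this thread. It assumes a DC running Windows Server 2012 or later with the NetSecurity cmdlets, that the hosting provider can be given a certificate or pre-shared key for IPsec authentication, and that $RemoteSite is a placeholder for their real egress range.

```powershell
# Added example, not from the mailing-list thread. Assumes Windows Server 2012+
# (NetSecurity module) on the DC; $RemoteSite is a PLACEHOLDER (TEST-NET-3).
$RemoteSite = '203.0.113.0/24'   # PLACEHOLDER: hosting provider's egress range
$Ports      = @('389', '636')    # LDAP and LDAPS on the DC

# 1. Require IPsec (authenticated and encrypted) for LDAP traffic arriving
#    from the hosted site; unauthenticated packets from that range are dropped.
New-NetIPsecRule -DisplayName 'LDAP from hosted app - require IPsec' `
    -Protocol TCP -LocalPort $Ports -RemoteAddress $RemoteSite `
    -InboundSecurity Require -OutboundSecurity Require -Profile Any

# 2. Allow rule scoped to that range only, and only for IPsec-protected
#    traffic, so the port is not simply reachable from the whole internet.
New-NetFirewallRule -DisplayName 'LDAP from hosted app - scoped allow' `
    -Direction Inbound -Protocol TCP -LocalPort $Ports `
    -RemoteAddress $RemoteSite `
    -Authentication Required -Encryption Required `
    -Action Allow -Profile Any

# 3. Verification: list every enabled inbound rule touching 389/636 with its
#    remote scope and authentication setting, so an unscoped allow from "Any"
#    (what "just open port 389" amounts to) stands out in the output.
Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $pf = $_; $Ports | Where-Object { @($pf.LocalPort) -contains $_ } } |
    Get-NetFirewallRule |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' } |
    ForEach-Object {
        [pscustomobject]@{
            Rule   = $_.DisplayName
            Remote = (($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ',')
            Auth   = ($_ | Get-NetFirewallSecurityFilter).Authentication
        }
    } | Format-Table -AutoSize
```

The verification step will also list the built-in DC LDAP rules, which accept connections from any address; their scope can be narrowed to the internal ranges with Set-NetFirewallRule -RemoteAddress so the hosted site is reachable only through the authenticated rule above.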