Fall 2008 Internet2 Member Meeting

Use Internet2 SiteID

Already have an Internet2 SiteID?
Sign in here.

Internet2 SiteID

Loss of Network Control Incidents

Time 10/15/08 04:30PM-05:30PM

Session Abstract

A major western city recently found itself
"locked out" from its own network for a
multi-day period, allegedly as a result of
actions undertaken by one of its own staff.

Regardless of its cause, loss of network
control for multiple days is clearly a
"disaster," albeit not a traditional disaster
(such as those caused by fire, extreme
weather, earthquakes or other
geo-environmental causes).

In discussions of this incident on the
Internet2 Salsa-DR (Disaster Recovery) working group, many important implications emerged.

Some of those implications include the
importance of having: (a) established
procedures for password recovery/reset
in the event that an administrator forgets,
loses, or is otherwise unable to supply a privileged password when required; (b)
offline backups (and any passwords
which may be needed to access those backups,
e.g., if they've been encrypted); (c) a well-documented and up-to-date written system configuration, in case a system needs to be
re-built from scratch; (d) procedures for
handling human resource issues which may arise
in conjunction with individuals working in
sensitive positions; (e) the value of periodic
security audits; and (f) the risks of running thinly staffed in key technical IT areas, among other things.

This presentation will review that incident, and discuss the lessons which we might apply to our own campus networks and systems.


Speaker Joe St Sauver Internet2/University of Oregon

Presentation Media

media item thumbnail Loss of Network Control Incidents (pdf)

Speaker Carl Brandt Louisiana State University

Speaker Joe St Sauver Internet2/University of Oregon

Secondary tracks System and Network Security for Advanced Networks

gold Sponsors

bronze Sponsors

Food and Beverage Sponsors