> If anyone believes that you can totally lock down access to every system on your network from your trusted sysadmins and have 100% auditability and accountability, you are unfortunately living in a fantasy land. NSA or not, this really isn't something that is 100% preventable.
A /huge/ part of managing systems is vetting the folks who must be completely trusted. As part of this, you want to reduce the number of people you trust 100%, but yeah, some still exist.
Those people you trust 100%? You must vet them carefully. You should not put some random contractor in that position. Clearly, as Reagan would say, "mistakes were made" - and nobody seems to be taking responsibility.
Just keeping the secret data on a secured server that only a few, very highly vetted sysadmins had root access to, that carefully logged all requests for information (and set off a pager somewhere if too many unscheduled requests were made) would have solved the problem, assuming you didn't hire some random body shop to staff /those/ sysadmins.
I mean hell, I get paged sometimes because some fuckwit at one of my upstreams starts bouncing my packets that are traveling from San Jose to Sacramento through Texas. Surely, someone could be woken up if someone starts accessing suspicious amounts of data at once.
This is part of the huge "who you know" factor in the valley; generally speaking, you hire folks that your current folks know. Not only does this provide some technical validation, it also makes the cost of defection higher. (Of course, there are lots of downsides to that approach, too.)
But no matter how you do your vetting, you /must/ vet folks with root.
And you can (and should) reduce the number of folks with full root. Especially when there is sensitive data on hand. Give your contractors limited tools.
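An added example, not part of either comment in this thread: a minimal sketch of the "log every request and page someone when there are too many unscheduled ones" control described above. The log format, the change-ticket field, the account names and the thresholds are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (assumed format):
# ISO timestamp, admin account, document id, change ticket ("-" = unscheduled)
SAMPLE_LOG = """\
2024-01-01T02:00:05 alice doc-101 CHG-1
2024-01-01T02:00:10 bob doc-200 -
2024-01-01T02:01:00 bob doc-201 -
2024-01-01T02:02:00 bob doc-202 -
2024-01-01T02:03:00 bob doc-203 -
2024-01-01T02:30:00 alice doc-102 -
2024-01-01T03:30:00 bob doc-204 -
"""

def parse(line):
    ts, user, doc, ticket = line.split()
    return datetime.fromisoformat(ts), user, doc, None if ticket == "-" else ticket

def find_pages(log_text, max_unscheduled=3, window=timedelta(minutes=10)):
    """Return (timestamp, user, count) each time a user's unscheduled
    requests inside the sliding window first exceed max_unscheduled."""
    recent = defaultdict(deque)   # user -> timestamps of unscheduled requests
    alerting = set()              # users already paged for the current burst
    pages = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, _doc, ticket = parse(line)
        if ticket is not None:    # scheduled work is logged but not counted
            continue
        q = recent[user]
        q.append(ts)
        while q and ts - q[0] > window:   # drop requests older than the window
            q.popleft()
        if len(q) > max_unscheduled:
            if user not in alerting:      # page once per burst, not per request
                alerting.add(user)
                pages.append((ts, user, len(q)))
        else:
            alerting.discard(user)        # burst over; re-arm the alert
    return pages

if __name__ == "__main__":
    for ts, user, n in find_pages(SAMPLE_LOG):
        print(f"PAGE on-call: {user} made {n} unscheduled requests by {ts}")
```

The counter only helps if the people being counted cannot edit the log or the threshold, which is the vetting and limited-root point the comment makes.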
> Just keeping the secret data on a secured server that only a few, very highly vetted sysadmins had root access to, that carefully logged all requests for information (and set off a pager somewhere if too many unscheduled requests were made) would have solved the problem, assuming you didn't hire some random body shop to staff /those/ sysadmins.
The problem with that theory is that you're assuming only some data is secret. Actually, all the data is secret. Even the information about which data is secret, or what are the criteria of secret data, or how secret data should be handled. Everything is secret.
So rather than dealing with a neat pack of documents that you want to keep secret, think of an organisation with 100k+ people where every single bit of data they produce or interact with every single day is top secret.