Rick Smith, Network Manager for Bio Med's Center for CAAS
"I am fully convinced that I do not need to know all the answers, just know how to get someone or something that does for that particular incident."
"So it's either you pay by planning or pay by being exploited, but in either case, NOT paying is NOT an option."
Inside IT Security at Brown: Rick Smith, Network Manager
Rick Smith is the network manager for the Center of Alcohol and Addiction Studies (CAAS) and for the Department of Psychiatry and Human Behavior (DPHB). His responsibilities include oversight of the technology life cycle of his departments' computing hardware, management of their off-campus WAN connection to Brown, their servers' disaster recovery plan, and working with CIS staff on firewall rules for the servers; together with a computing support staff of one other person, he supports a staff of 200+.
Q: You work for two Bio Med departments, CAAS and DPHB. What's the computing environment that you support there?
A: We have around 250 nodes, the majority being computers, plus other network devices (routers, switches, etc.). Since we are a remote site, I am responsible for the WAN connection to Brown, currently 2 T1 lines. I work with CIS on our firewall rules, and work with a computing support staff of one other.
We are running probably the simplest version of a Windows 2k server environment, using some features of AD (Active Directory). We have a 95% PC environment, with our Mac environment quickly moving to a 0% population. For training and support reasons, and due to our limited resources, we decided to simplify our computing support and standardize on one platform.
We have created a culture where we have the groups we support turn to us for every and any computing needs. When we can, we resolve them. When we cannot, we look to Help Desk, Sys-Admin listserv, and the like to get appropriate help to remedy the current ailment.
Q: Describe your biggest challenge(s) as a network manager regarding information security.
A: That would be creating a quick response for the inevitable breach or exploited computer due to malware (note that I refer to all viruses, bots, spyware and the like as 'malicious software' or 'malware'... it's all the same to me).
Q: Is this the same challenge you would have faced at the start of 2004? If yes, is this good or bad news for you? If no, how has the security terrain changed since then?
A: The challenge is the same, but that is neither good nor bad news. It just means that we are alive and there will always be bad people doing bad things. The only time I feel affected negatively by this is when we (my immediate supervisors and I) are caught unprepared.
Q: What advice would you like to give the average user (that they may not have heard from CIS)?
A: Plan for the inevitable, as there is really no way to say you will not be hacked. There is too much coming and we are too understaffed and underfunded to say that any 5, 20 or 2,000 steps will prevent you from ever getting hacked, exploited, etc. The best advice is to have a plan in place for disaster recovery, and just as important, to practice the disaster recovery. It is critical for all users to have a plan for when the unexpected happens.
Q: What skills and experience do you bring to your job as network manager?
A: I think my ability to see the big picture and merge resources, to get the best out of people and things, and to see the opportunity inside of obstacles and vice versa. I am fully convinced that I do not need to know all the answers, just know how to get someone or something that does for that particular incident.
I work well with my peers, supervisors and my constituents. I like having fun and make it fun to work with me. Finally, I think I do my best to ensure that prescribed service-quality objectives are met with a "whatever it takes" mentality.
It's intense from start to finish, every day. My goal is to keep it as intense and focused as possible, while not becoming too tense in dealing with the deluge.
Q: What do you like most about your job?
A: Resolving problems, be they big or small, but especially when it is perceived as "can't be done." These give me the greatest satisfaction. Equally, I love making those who work with me and for me better.
Q: This issue focuses on the impact of botnets. What would be your advice to readers to protect themselves from this scourge?
A: Plan for it happening to you. Purchase software and hardware that can clean your computer, but more importantly, that can image and restore your computer and its data relatively easily.
There is a diminishing return in trying to clean and clean to the nth degree. It's therefore better if you have recent backups to wipe and restore using the image. This backup system must be easy to use, a "set it and forget it" type of system, where you can schedule multiple backups and restore within the hour or so of a disaster recovery attempt. There is a current set of hardware and software solutions that works for me, so I usually mention them to those who ask.
I don't believe it's a question of "will it happen to me" but rather "when it happens to me." The social engineering of hackers is being propelled to a level that even skilled computer people fall for it, much less the average user. There was a time a few years back when hacking was for attention; now the mantra has changed to "Why hack for kudos, when you can hack for cash?", and when cash becomes the carrot, the battle is too fierce for the average user to be safe.
So the bottom line is: plan, practice the plan, or be victimized. Now this "almost" morbid view could be hard to swallow, but I believe that this is the cost of computing today. So it's either you pay by planning or pay by being exploited, but in either case, NOT paying is NOT an option.