DarkMarket: Cyberthieves, Cybercops and You - Misha Glenny [10]
By the middle of 2007 the company had reached a stage where it desperately needed to manage its computer infrastructure. Outsourcing its maintenance and security was proving an expensive option, and the company found the management of all its various cyber needs ever more taxing. The directors decided they would commission a fresh approach to the whole system.
In Darryl Leaning, an easygoing local lad, they found just the right person to take on the job. Apart from his technical competence, he was young, scrupulously honest, but perhaps most importantly his relaxed, friendly manner disguised an unusually sharp wit. For it is a little-appreciated fact that the very best computer managers are as talented in managing social and psychological expectations as they are in fixing widgets.
The minute he walked into the office for the first time, Darryl realised that Grimley Smith’s computers needed urgent attention. His overriding concern was that all staff members had ‘administrator rights’ at their workstations. They could install any program they wanted and use any online services they selected (except for pornographic material, which the previous IT regime had centrally blocked).
On a family computer, a single individual (usually a parent) will act as ‘administrator’. He or she can choose, for example, to limit electronically the amount of time other family members spend on the computer, or can restrict the type of website that the rest of the family is permitted to visit.
One of the most important ‘privileges’ that family PCs will confer upon the administrator concerns the installation of new software programs. In this way, parents can prevent children playing games that they consider unsuitable. But they may also exercise this privilege to stop software of dubious origin being downloaded, because the program could contain a virus or other malicious material that would leave the family’s entire digital world vulnerable to attack.
The same principles obtain in a business environment, except usually on a larger and more complicated scale. The first problem Darryl identified when he started work at Grimley Smith was the absence of a central administrator. It was insupportable in a modern business, he argued to the directors, that the staff could upload, download or install anything they desired.
He told them that central control was essential to prevent people from unwittingly allowing viruses to breach the network’s defences. He explained that the employees were, in all likelihood, entirely trustworthy – you don’t put anti-virus software on your system because you suspect your colleagues of wanting to infect it, because on the whole they don’t. The same applied, he continued, to the issue of software installation – and everything else, for that matter. The value of data in a highly specialised company like GSA is effectively incalculable. If it fell into the wrong hands, it might destroy the company.
Certain problems confronted Darryl in his crusade to purge Grimley Smith’s computer system of harmful vulnerabilities: those invisible digital holes through which worms, trojans and viruses could slip unnoticed. First, he understood that people resist surrendering privileges they already enjoy – and, apart from viewing writhing naked bodies, the GSA staff enjoyed a lot. For a young techie, Darryl demonstrated a firm grasp of the psychology associated with computer use. Somehow he had to wean staff off their local administrator rights. He decided the best way to do this was incrementally. He knew that people don’t like losing things they