This article is more than 1 year old
How to stop a content filter becoming a career-shortening network component
He's not just a Big Cheese. He's a very naughty boy
Who, Me? "Be careful what you wish for." Words that might strike a chord with the IT boss in today's edition of Who, Me?
"Lee", for that is not his name, told us of his time as an IT consultant in the Far East, working for a family-owned bank. The bank was extremely wary of this new-fangled internet thing and allowed a favoured few members of staff online, but not much else.
"We were hired by the head of IT and tasked with reviewing their information security posture," said Lee, "and it quickly became clear they needed something better than their simple firewall, to include content monitoring and logging, as well as the usual internal firewalls and other protections."
It was all straightforward stuff. A system was specified and a rule base prepared. The bank's IT team was sent off to procure the requisite bits and pieces and Lee got ready for the formal review of the set-up.
"Some weeks later we returned early one morning to conduct our certification review," said Lee, "and were met by a visibly nervous head of IT."
The team worked through the checklist regardless, up to the point of reviewing the new firewall and content scanner. No problem! The IT boss showed them the shiny new server, lights ablaze. "There it is!" he proclaimed.
Er, right. However, Lee really needed to take a look at the configuration and logs as part of the review.
No dice. "That would not be… convenient," replied the head of IT. A translation for those unfamiliar with the customs of the region would be a flat "NO" (just without the offence that might have been caused).
- Hacking the computer with wirewraps and soldering irons: Just fix the issues as they come up, right?
- Scalpel! Superglue! This mouse won't fix its own ball
- Electrocution? All part of the service, sir!
- Undebug my heart: Using Cisco's IOS to take down capitalism – accidentally
What to do? Lunch, obviously!
The head of IT took Lee and co out for a splendid slap-up lunch where many adult beverages were consumed. And, lubricated by booze o'clock, the head of IT explained what was really going on.
"The bank's CFO, who was part of the owning family, had a predilection for visiting online live strip sites," Lee, who had remained relatively sober, recalled, "and would frequently do so from his desk using the bank's systems."
Nobody challenged him on this because his response was to simply fire the messenger and hire someone who knew to keep quiet.
However, if the content scanner was turned on then the IT department would have firm evidence and have to confront him. And all would then immediately lose their jobs.
Sure, the content scanner looked like it was running. The lights were on. But nobody had plugged it into the network since doing so would result in an abrupt shortening of careers for all concerned.
What to do?
One of Lee's colleagues came up with a solution that left everyone satisfied. A new, high-spec encrypted laptop replete with private internet connection separated from the bank's network was procured for the CFO.
The man's ego was subjected to some inflation with the explanation: as one of the biggest of cheeses, the information he dealt with was obviously super sensitive and so couldn't go anywhere near the network used by his underlings. Of course he needed something special, as befitted his exalted position.
With the CFO now happily, er, "browsing" on his own connection, the content scanner could then be properly fired up "and everyone was able to return to business as usual with their jobs intact."
Ever found yourself dodging the boss's blushes when something turned up that was most definitely... not convenient? Confess all with an email to Who, Me? ®