Firewalls? Pfft – it's no match for my mighty spares-bin PC
You say 'temporary', they hear 'permanent'
Who, Me? Start your week with a warning about those temporary emergency hacks that all too often end up permanent in today's edition of Who, Me?
Our story comes from "Gary" - for that is not his name - who worked for a firm that offered a variety of services to the UK banking sector. Back at the turn of the century, our hero was tasked with testing the software to support a contract the company had with one of the bigger banks.
It was a simple enough task. Data had to go from point A to point B. However, the bit between A and B involved some proprietary encryption software and a couple of obscure ports. Not ideal, but still – should be easy enough to get the data flowing?
"Except it didn't," Gary told us, "because after several fruitless months, the new shiny 'Big Red Firewall' still flatly refused to pass packets on two ports from one host to the other."
Over some adult beverages, he'd joked with the project manager that, heck, even with his basic Linux skills he could lash up something with an old PC and a pair of network cards that would do that job... and a few months later the PM asked him if he was serious.
How hard could it be? A PC and some NICs were scavenged from the spares bin. A Linux distro was installed and tweaks were made with iptables and... hey presto! A working solution!
Frankenstein's computer was slotted into a spare rack in the main server room, effectively bypassing all that costly firewall technology. "I offered a large warning that it was a very temporary fix," said Gary, "not on UPS, no disc redundancy, crap hardware, etc. etc."
It did, however, work. It worked through the busy Christmas period. It worked into the new year. Weeks turned into months. The months rolled by, and still the data flowed.
"The bank (presumably) never knew any wiser except it was working as they needed."
As for Gary's reward, "I was made redundant in this time in a 'cost saving exercise' (massive cull)." He also forgot all about the hacked-together link until his phone rang and he heard the voice of an ex-colleague.
The link was down and, after a monitor was connected, the only text on the screen was "Loading vmlinuz..."
"Now, this may have been down to a cocked up kernel upgrade," said Gary, "ensuring it was as patched as it could have been after it was in place (oh, how I don't miss LILO and needing to rerun it for kernel upgrades); presumably the power had cycled at some point and triggered the issue."
He was, however, currently in Europe and unable to collect the consultancy payday for getting the PC to boot once more.
Instead, it was time for his former colleagues to rip off the temporary sticking plaster and make things work as designed, otherwise data (and cash) could not flow.
"Amazingly, the proper firewall was made to work inside of 48 hours. Amazing how attention was somewhat focused..."
Patch your conscience regarding a hack that hung around far longer than it should have with a confession to the understanding vultures staffing the Who, Me? desk. The Regomiser awaits. ®