March 13, 2008
Security and Professionalism
One of my friends, Matthew, has a great blog about tech issues and his own experiences with geekdom—I learn a lot about hosting and servers and the like from him. His post today about the professionalism of sysadmins echoed something that I heard from a guy here in Washington a few weeks back who does dark-art computer security, the really high-level stuff when someone hacks into Mastercard and steals a million accounts or the Pentagon finds itself under attack from the Chinese.
Here are Matthew's observations today:
I frequent WebHostingTalk.com, a really good forum for people in the web hosting industry. There are lots of really knowledgeable people on there….but some are just distressing. One guy posted, maybe a year ago, that he was getting a “private room” and didn’t know what he’d need for equipment. Did he need a router? Switches? A “private room” in a data center, by the way, is to host your many racks of servers, walled off from others for maximum security. You’ve got to be a very big place, with a very big budget, to be doing that. This is kind of like asking, “I’m buying a 500,000 square foot warehouse. What do I need? Do I need a forklift? Lights?” (A lot of answers were basically, “What do you need? You need an IT department, and someone who doesn’t have to ask this question.” Although my favorite answer was, “Padded walls.” Normally it annoys me when people give rude answers online, but I couldn’t help but burst out laughing.)...
Who are these people? I wouldn’t post a blog making fun of people who didn’t know otherwise obscure things, except that these should be basic little tasks for people in these positions. It’d be like a certified (not certifiable, but certified) sysadmin for Windows systems posting and saying, “I need to change my desktop background? How can I do this?” Or a car mechanic, who’s gone on and opened his third garage, posting and saying, “The oil in my car is old and dirty. Is it possible to somehow drain the old oil and put new oil in?” Or, for the more absurd requests we see, someone posting on a financial forum about how they’re starting a lemonade stand and think they need $750 billion in startup capital, wondering what bank will give them a better interest rate. It just shocks me that these people are successful and yet so clueless.
According to my source, one of the biggest challenges in network security right now is that IT is often an afterthought in the early stages of a company. You start a law firm and first hire your couple of lawyer partners. Then one of them has a nephew who knows something about computers, and you get him to set up your email servers and network. As the firm grows, he gets hired on full-time since he built the original system. Before you know it you're running a massive firm with the same nephew overseeing the IT, and your systems aren't nearly as robust or secure as you need them to be. My source says he's seen a couple of law firms that have had entire case files hacked and lost because of bad IT.
If you're thinking about setting up a company these days, make sure you get your IT right from the start—it's going to be much less expensive and easier in the long run, even though it'll be more difficult and more expensive as you get started.
The web is much too scary a place these days to try to do it easy on the cheap.