Mixing
My new responsibility as IT Admin - how can I deal with a situation outside my abilities? [closed]
Clash Royale CLAN TAG#URR8PPP
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty margin-bottom:0;
up vote
-1
down vote
favorite
I'm a computer science student and I also work at the university I study at. Our department hosts many websites and servers. I was hired here pretty recently, and it seems my position seems to be "Software Developer and IT Administrator"
The job description said "Knowledge of systems administration and IT support are also important", however in the interview we talked only about Software Development, and there wasn't a lot of talk about IT maintenance in any of the training or meetings. It's my understanding that as standard practice of the university, there would normally be a person hired in our department solely for IT administration. However, the person who trained me and just quit is still listed as the IT Administrator by the University. He gets emails from our IT Services department and forwards them to me. It seems like the department plans to do nothing about that, instead they keep acting like I am now the IT Administrator. However, at no point was I professionally informed that I would be the primary administrator. I had assumed there would be an IT Administrator that might need help with tasks, and that was why it was included marginally in the job description.
Now, someone is launching a brute force dictionary based attack against one of our servers. We know that someone has already breached authentication as other servers have reported that dictionary based attacks are being launched from our server's IP address. I feel like I don't have the IT administrative experience necessary in this situation, and I don't feel like anyone else at my work is taking this security breach seriously enough.
How can I ensure that someone resolves this situation? I am not confident in my abilities to resolve the situation because of my inexperience.
UPDATE:
To clarify, it seems like my boss (The director of the department) and my supervisor have basically been hiring students as software developers and trying to push the network administration responsibilities off onto them. The previous students seemed to have attempted to administrate the network. I don't know the last time our department had a professionally hired administrator, but it seems like its been a pretty long time as I don't have access (usernames/passwords) to most of the servers we own. I've only ever heard of students handling the administrative responsbilities.
If I tell my boss that I cannot handle IT Administration tasks, I have a feeling they will just ignore the entire attack and pretend like nothing happened.
work-experience
edited Aug 4 '14 at 0:24
jmac
19.4k763137
asked Jul 14 '14 at 15:05
user17647
526148
closed as unclear what you're asking by Elysian Fields♦, Garrison Neely, jcmeloni, Michael Grubey, gnat Jul 21 '14 at 1:13
Please clarify your specific problem or add additional details to highlight exactly what you need. As it's currently written, it’s hard to tell exactly what you're asking. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question.
 |Â
show 1 more comment
up vote
-1
down vote
favorite
I'm a computer science student and I also work at the university I study at. Our department hosts many websites and servers. I was hired here pretty recently, and it seems my position seems to be "Software Developer and IT Administrator"
The job description said "Knowledge of systems administration and IT support are also important", however in the interview we talked only about Software Development, and there wasn't a lot of talk about IT maintenance in any of the training or meetings. It's my understanding that as standard practice of the university, there would normally be a person hired in our department solely for IT administration. However, the person who trained me and just quit is still listed as the IT Administrator by the University. He gets emails from our IT Services department and forwards them to me. It seems like the department plans to do nothing about that, instead they keep acting like I am now the IT Administrator. However, at no point was I professionally informed that I would be the primary administrator. I had assumed there would be an IT Administrator that might need help with tasks, and that was why it was included marginally in the job description.
Now, someone is launching a brute force dictionary based attack against one of our servers. We know that someone has already breached authentication as other servers have reported that dictionary based attacks are being launched from our server's IP address. I feel like I don't have the IT administrative experience necessary in this situation, and I don't feel like anyone else at my work is taking this security breach seriously enough.
How can I ensure that someone resolves this situation? I am not confident in my abilities to resolve the situation because of my inexperience.
UPDATE:
To clarify, it seems like my boss (The director of the department) and my supervisor have basically been hiring students as software developers and trying to push the network administration responsibilities off onto them. The previous students seemed to have attempted to administrate the network. I don't know the last time our department had a professionally hired administrator, but it seems like its been a pretty long time as I don't have access (usernames/passwords) to most of the servers we own. I've only ever heard of students handling the administrative responsbilities.
If I tell my boss that I cannot handle IT Administration tasks, I have a feeling they will just ignore the entire attack and pretend like nothing happened.
work-experience
edited Aug 4 '14 at 0:24
jmac
19.4k763137
asked Jul 14 '14 at 15:05
user17647
526148
closed as unclear what you're asking by Elysian Fields♦, Garrison Neely, jcmeloni, Michael Grubey, gnat Jul 21 '14 at 1:13
Please clarify your specific problem or add additional details to highlight exactly what you need. As it's currently written, it’s hard to tell exactly what you're asking. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question.
1
I guess the question is "Help! What do I do?"
– Jaydee
Jul 14 '14 at 15:14
3
Check the system logs on the server to find what IP the attack is coming from. Get on the proxy server and blacklist the IP where the attack is coming from. If your server is running a firewall, gat on the firewall and block the IP of the sourve of the attack.
– Vietnhi Phuvan
Jul 14 '14 at 15:14
1
You need to network with admins from other departments including the University's central IT and have them give you support. In fact, this is a situation that requires your University's central IT's immediate attention. You are in a situation where the first thing you need to know is whom to ask for help.
– Vietnhi Phuvan
Jul 14 '14 at 16:03
While you are checking the server's logs, take note of which user account is being targeted. If the user account is a non-admin account, your options include temporarily disabling the user account - that's especially important if said user account has admin privileges. Work with the owner of the user account to enable the user account, and make sure they use a strong password. If the user account is an admin account, use an online password strength checker to verify the strength of the admin password. If the admin password, immediately assign a much stronger password.
– Vietnhi Phuvan
Jul 14 '14 at 18:26
The dictionary based attack seems to be guessing usernames.
– user17647
Jul 15 '14 at 12:33
 |Â
show 1 more comment
up vote
-1
down vote
favorite
up vote
-1
down vote
favorite
I'm a computer science student and I also work at the university I study at. Our department hosts many websites and servers. I was hired here pretty recently, and it seems my position seems to be "Software Developer and IT Administrator"
The job description said "Knowledge of systems administration and IT support are also important", however in the interview we talked only about Software Development, and there wasn't a lot of talk about IT maintenance in any of the training or meetings. It's my understanding that as standard practice of the university, there would normally be a person hired in our department solely for IT administration. However, the person who trained me and just quit is still listed as the IT Administrator by the University. He gets emails from our IT Services department and forwards them to me. It seems like the department plans to do nothing about that, instead they keep acting like I am now the IT Administrator. However, at no point was I professionally informed that I would be the primary administrator. I had assumed there would be an IT Administrator that might need help with tasks, and that was why it was included marginally in the job description.
Now, someone is launching a brute force dictionary based attack against one of our servers. We know that someone has already breached authentication as other servers have reported that dictionary based attacks are being launched from our server's IP address. I feel like I don't have the IT administrative experience necessary in this situation, and I don't feel like anyone else at my work is taking this security breach seriously enough.
How can I ensure that someone resolves this situation? I am not confident in my abilities to resolve the situation because of my inexperience.
UPDATE:
To clarify, it seems like my boss (The director of the department) and my supervisor have basically been hiring students as software developers and trying to push the network administration responsibilities off onto them. The previous students seemed to have attempted to administrate the network. I don't know the last time our department had a professionally hired administrator, but it seems like its been a pretty long time as I don't have access (usernames/passwords) to most of the servers we own. I've only ever heard of students handling the administrative responsbilities.
If I tell my boss that I cannot handle IT Administration tasks, I have a feeling they will just ignore the entire attack and pretend like nothing happened.
work-experience
edited Aug 4 '14 at 0:24
jmac
19.4k763137
asked Jul 14 '14 at 15:05
user17647
526148
I'm a computer science student and I also work at the university I study at. Our department hosts many websites and servers. I was hired here pretty recently, and it seems my position seems to be "Software Developer and IT Administrator"
The job description said "Knowledge of systems administration and IT support are also important", however in the interview we talked only about Software Development, and there wasn't a lot of talk about IT maintenance in any of the training or meetings. It's my understanding that as standard practice of the university, there would normally be a person hired in our department solely for IT administration. However, the person who trained me and just quit is still listed as the IT Administrator by the University. He gets emails from our IT Services department and forwards them to me. It seems like the department plans to do nothing about that, instead they keep acting like I am now the IT Administrator. However, at no point was I professionally informed that I would be the primary administrator. I had assumed there would be an IT Administrator that might need help with tasks, and that was why it was included marginally in the job description.
Now, someone is launching a brute force dictionary based attack against one of our servers. We know that someone has already breached authentication as other servers have reported that dictionary based attacks are being launched from our server's IP address. I feel like I don't have the IT administrative experience necessary in this situation, and I don't feel like anyone else at my work is taking this security breach seriously enough.
How can I ensure that someone resolves this situation? I am not confident in my abilities to resolve the situation because of my inexperience.
UPDATE:
To clarify, it seems like my boss (The director of the department) and my supervisor have basically been hiring students as software developers and trying to push the network administration responsibilities off onto them. The previous students seemed to have attempted to administrate the network. I don't know the last time our department had a professionally hired administrator, but it seems like its been a pretty long time as I don't have access (usernames/passwords) to most of the servers we own. I've only ever heard of students handling the administrative responsbilities.
If I tell my boss that I cannot handle IT Administration tasks, I have a feeling they will just ignore the entire attack and pretend like nothing happened.
work-experience
edited Aug 4 '14 at 0:24
jmac
19.4k763137
asked Jul 14 '14 at 15:05
user17647
526148
edited Aug 4 '14 at 0:24
jmac
19.4k763137
edited Aug 4 '14 at 0:24
jmac
19.4k763137
edited Aug 4 '14 at 0:24
jmac
19.4k763137
19.4k763137
asked Jul 14 '14 at 15:05
user17647
526148
asked Jul 14 '14 at 15:05
user17647
526148
asked Jul 14 '14 at 15:05
user17647
526148
526148
closed as unclear what you're asking by Elysian Fields♦, Garrison Neely, jcmeloni, Michael Grubey, gnat Jul 21 '14 at 1:13
Please clarify your specific problem or add additional details to highlight exactly what you need. As it's currently written, it’s hard to tell exactly what you're asking. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question.
closed as unclear what you're asking by Elysian Fields♦, Garrison Neely, jcmeloni, Michael Grubey, gnat Jul 21 '14 at 1:13
Please clarify your specific problem or add additional details to highlight exactly what you need. As it's currently written, it’s hard to tell exactly what you're asking. See the How to Ask page for help clarifying this question. If this question can be reworded to fit the rules in the help center, please edit the question.
1
I guess the question is "Help! What do I do?"
– Jaydee
Jul 14 '14 at 15:14
3
Check the system logs on the server to find what IP the attack is coming from. Get on the proxy server and blacklist the IP where the attack is coming from. If your server is running a firewall, gat on the firewall and block the IP of the sourve of the attack.
– Vietnhi Phuvan
Jul 14 '14 at 15:14
1
You need to network with admins from other departments including the University's central IT and have them give you support. In fact, this is a situation that requires your University's central IT's immediate attention. You are in a situation where the first thing you need to know is whom to ask for help.
– Vietnhi Phuvan
Jul 14 '14 at 16:03
While you are checking the server's logs, take note of which user account is being targeted. If the user account is a non-admin account, your options include temporarily disabling the user account - that's especially important if said user account has admin privileges. Work with the owner of the user account to enable the user account, and make sure they use a strong password. If the user account is an admin account, use an online password strength checker to verify the strength of the admin password. If the admin password, immediately assign a much stronger password.
– Vietnhi Phuvan
Jul 14 '14 at 18:26
The dictionary based attack seems to be guessing usernames.
– user17647
Jul 15 '14 at 12:33
 |Â
show 1 more comment
1
I guess the question is "Help! What do I do?"
– Jaydee
Jul 14 '14 at 15:14
3
Check the system logs on the server to find what IP the attack is coming from. Get on the proxy server and blacklist the IP where the attack is coming from. If your server is running a firewall, gat on the firewall and block the IP of the sourve of the attack.
– Vietnhi Phuvan
Jul 14 '14 at 15:14
1
You need to network with admins from other departments including the University's central IT and have them give you support. In fact, this is a situation that requires your University's central IT's immediate attention. You are in a situation where the first thing you need to know is whom to ask for help.
– Vietnhi Phuvan
Jul 14 '14 at 16:03
While you are checking the server's logs, take note of which user account is being targeted. If the user account is a non-admin account, your options include temporarily disabling the user account - that's especially important if said user account has admin privileges. Work with the owner of the user account to enable the user account, and make sure they use a strong password. If the user account is an admin account, use an online password strength checker to verify the strength of the admin password. If the admin password, immediately assign a much stronger password.
– Vietnhi Phuvan
Jul 14 '14 at 18:26
The dictionary based attack seems to be guessing usernames.
– user17647
Jul 15 '14 at 12:33
1
1
I guess the question is "Help! What do I do?"
– Jaydee
Jul 14 '14 at 15:14
I guess the question is "Help! What do I do?"
– Jaydee
Jul 14 '14 at 15:14
3
3
Check the system logs on the server to find what IP the attack is coming from. Get on the proxy server and blacklist the IP where the attack is coming from. If your server is running a firewall, gat on the firewall and block the IP of the sourve of the attack.
– Vietnhi Phuvan
Jul 14 '14 at 15:14
Check the system logs on the server to find what IP the attack is coming from. Get on the proxy server and blacklist the IP where the attack is coming from. If your server is running a firewall, gat on the firewall and block the IP of the sourve of the attack.
– Vietnhi Phuvan
Jul 14 '14 at 15:14
1
1
You need to network with admins from other departments including the University's central IT and have them give you support. In fact, this is a situation that requires your University's central IT's immediate attention. You are in a situation where the first thing you need to know is whom to ask for help.
– Vietnhi Phuvan
Jul 14 '14 at 16:03
You need to network with admins from other departments including the University's central IT and have them give you support. In fact, this is a situation that requires your University's central IT's immediate attention. You are in a situation where the first thing you need to know is whom to ask for help.
– Vietnhi Phuvan
Jul 14 '14 at 16:03
While you are checking the server's logs, take note of which user account is being targeted. If the user account is a non-admin account, your options include temporarily disabling the user account - that's especially important if said user account has admin privileges. Work with the owner of the user account to enable the user account, and make sure they use a strong password. If the user account is an admin account, use an online password strength checker to verify the strength of the admin password. If the admin password, immediately assign a much stronger password.
– Vietnhi Phuvan
Jul 14 '14 at 18:26
While you are checking the server's logs, take note of which user account is being targeted. If the user account is a non-admin account, your options include temporarily disabling the user account - that's especially important if said user account has admin privileges. Work with the owner of the user account to enable the user account, and make sure they use a strong password. If the user account is an admin account, use an online password strength checker to verify the strength of the admin password. If the admin password, immediately assign a much stronger password.
– Vietnhi Phuvan
Jul 14 '14 at 18:26
The dictionary based attack seems to be guessing usernames.
– user17647
Jul 15 '14 at 12:33
The dictionary based attack seems to be guessing usernames.
– user17647
Jul 15 '14 at 12:33
 |Â
show 1 more comment
3 Answers
3
active
oldest
votes
up vote
11
down vote
accepted
You have a complicated situation.
The current situation - how to fix the immediate need
We know that someone has already breached authentication as other servers have reported that dictionary based attacks are being launched from our server's IP address
You have correctly identified this as a significant problem. An urgent one, in fact, not something you want to wait through the bureaucracy to fix.
Your university almost assuredly has a centralized IT department somewhere. You need to find contact information for them ASAP.
It sounds like the "who is your boss?" question is difficult to answer. Find contact information - preferably the physical location - for those at your university who can resolve this.
Then:
- Visit/contact your centralized IT department, preferably in person
- Doing this in person makes it much more likely
- Find someone there to talk with who has any technical background (even if the wrong person). Technical people are more likely to respond in a "you are right, this is important/urgent" manner and appreciate the importance of your situation
- Have them find you someone who has the appropriate skills
- Keep trying this until you find someone
- Describe the situation in as much detail as you can
- "Our server is compromised, we know this because other servers here are being hit from it"
- "I do not have the required skills to do this and our IT admin has quit"
- Ask this person for help resolving the situation
- No IT admin even remotely competent will expect a student to be able to fully resolve something like this
The underlying problem - who has responsibility for the IT Administration
However, the person who trained me and just quit is still listed as the IT Administrator by the University
I feel like I don't have the IT administrative experience necessary in this situation
The first problem here is you have no idea who should be responsible for the IT administration. You are assuming it is you, as the student employee.
As you correctly identify this is not a good situation.
To resolve this:
- Find out who is your previous bosses boss (ask him)
- Setup a conversation with that person
- Communicate "I do not have the necessary skills/abilities to fully be IT Administrator"
- Use this example. "We recently had a security attack and I am not knowledgeable enough to resolve this appropriately. This compromises personal information/etc"
- Make sure it is clear you are not experienced enough to manage the responsibilities.
Also, just a note which might be helpful - it ultimately is not your responsibility to be your previous bosses boss. You should not feel guilty/responsible for finding a replacement for your boss, as long as you have clearly communicated you are not able to fully perform his/her job.
answered Jul 14 '14 at 16:18
Elysian Fields♦
96.9k46292449
To clarify, it seems like my boss (The director of the department) and my supervisor have basically been hiring students as software developers and trying to push the network administration responsibilities off onto them. The previous students seemed to have attempted to administrate the network. I don't know the last time our department had a professionally hired administrator, but it seems like its been a pretty long time as I don't have access (usernames/passwords) to most of the servers we own. I've only ever heard of students handling the administrative responsibilities.
– user17647
Jul 14 '14 at 16:54
1
@user17647 another huge advantage to talking with a centralized group to resolve this is visibility into that problem.
– Elysian Fields♦
Jul 14 '14 at 16:58
I believe we have a meeting tomorrow morning with my supervisor, and the three other students working here as software developers. My boss may or may not be there. There is a new professionally hired person who's job is to manage our development. I am unsure what her role is at this point, and whether her responsibilities include IT Administration. I will definitely bring up the IT Administration responsibilities, but I have problems with being assertive and could use help with that as well.
– user17647
Jul 14 '14 at 17:11
suggest improvements |Â
up vote
3
down vote
- Inform your boss that the systems have been compromised.
- Ask for training in the admin side and indicate that you feel unable to take on any admin tasks until you have received such training. After all, nobody would be crazy enough to put an untrained student in charge all the IT admin would they...? That expectation would be completely unreasonable.
- If they expect you to deal with security threats you should also be receive separate training for that.
answered Jul 14 '14 at 15:18
Jaydee
17115
suggest improvements |Â
up vote
1
down vote
In addition to @Jeydee's fantastic answer, find an IT security expert ASAP if at all possible.
If this is a realtime threat that's happening right now, ask about and see if any colleagues, friends, or family can help provide immediate assistance. Explain it's an emergency, and why.
Fixing the long-term problem where you've been assigned duties you're not familiar with can wait until the crisis is averted, and everything is safe.
answered Jul 14 '14 at 15:50
yochannah
4,21462747
suggest improvements |Â
3 Answers
3
active
oldest
votes
3 Answers
3
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
11
down vote
accepted
You have a complicated situation.
The current situation - how to fix the immediate need
We know that someone has already breached authentication as other servers have reported that dictionary based attacks are being launched from our server's IP address
You have correctly identified this as a significant problem. An urgent one, in fact, not something you want to wait through the bureaucracy to fix.
Your university almost assuredly has a centralized IT department somewhere. You need to find contact information for them ASAP.
It sounds like the "who is your boss?" question is difficult to answer. Find contact information - preferably the physical location - for those at your university who can resolve this.
Then:
- Visit/contact your centralized IT department, preferably in person
- Doing this in person makes it much more likely
- Find someone there to talk with who has any technical background (even if the wrong person). Technical people are more likely to respond in a "you are right, this is important/urgent" manner and appreciate the importance of your situation
- Have them find you someone who has the appropriate skills
- Keep trying this until you find someone
- Describe the situation in as much detail as you can
- "Our server is compromised, we know this because other servers here are being hit from it"
- "I do not have the required skills to do this and our IT admin has quit"
- Ask this person for help resolving the situation
- No IT admin even remotely competent will expect a student to be able to fully resolve something like this
The underlying problem - who has responsibility for the IT Administration
However, the person who trained me and just quit is still listed as the IT Administrator by the University
I feel like I don't have the IT administrative experience necessary in this situation
The first problem here is you have no idea who should be responsible for the IT administration. You are assuming it is you, as the student employee.
As you correctly identify this is not a good situation.
To resolve this:
- Find out who is your previous bosses boss (ask him)
- Setup a conversation with that person
- Communicate "I do not have the necessary skills/abilities to fully be IT Administrator"
- Use this example. "We recently had a security attack and I am not knowledgeable enough to resolve this appropriately. This compromises personal information/etc"
- Make sure it is clear you are not experienced enough to manage the responsibilities.
Also, just a note which might be helpful - it ultimately is not your responsibility to be your previous bosses boss. You should not feel guilty/responsible for finding a replacement for your boss, as long as you have clearly communicated you are not able to fully perform his/her job.
answered Jul 14 '14 at 16:18
Elysian Fields♦
96.9k46292449
To clarify, it seems like my boss (The director of the department) and my supervisor have basically been hiring students as software developers and trying to push the network administration responsibilities off onto them. The previous students seemed to have attempted to administrate the network. I don't know the last time our department had a professionally hired administrator, but it seems like its been a pretty long time as I don't have access (usernames/passwords) to most of the servers we own. I've only ever heard of students handling the administrative responsibilities.
– user17647
Jul 14 '14 at 16:54
1
@user17647 another huge advantage to talking with a centralized group to resolve this is visibility into that problem.
– Elysian Fields♦
Jul 14 '14 at 16:58
I believe we have a meeting tomorrow morning with my supervisor, and the three other students working here as software developers. My boss may or may not be there. There is a new professionally hired person who's job is to manage our development. I am unsure what her role is at this point, and whether her responsibilities include IT Administration. I will definitely bring up the IT Administration responsibilities, but I have problems with being assertive and could use help with that as well.
– user17647
Jul 14 '14 at 17:11
suggest improvements |Â
up vote
11
down vote
accepted
You have a complicated situation.
The current situation - how to fix the immediate need
We know that someone has already breached authentication as other servers have reported that dictionary based attacks are being launched from our server's IP address
You have correctly identified this as a significant problem. An urgent one, in fact, not something you want to wait through the bureaucracy to fix.
Your university almost assuredly has a centralized IT department somewhere. You need to find contact information for them ASAP.
It sounds like the "who is your boss?" question is difficult to answer. Find contact information - preferably the physical location - for those at your university who can resolve this.
Then:
- Visit/contact your centralized IT department, preferably in person
- Doing this in person makes it much more likely
- Find someone there to talk with who has any technical background (even if the wrong person). Technical people are more likely to respond in a "you are right, this is important/urgent" manner and appreciate the importance of your situation
- Have them find you someone who has the appropriate skills
- Keep trying this until you find someone
- Describe the situation in as much detail as you can
- "Our server is compromised, we know this because other servers here are being hit from it"
- "I do not have the required skills to do this and our IT admin has quit"
- Ask this person for help resolving the situation
- No IT admin even remotely competent will expect a student to be able to fully resolve something like this
The underlying problem - who has responsibility for the IT Administration
However, the person who trained me and just quit is still listed as the IT Administrator by the University
I feel like I don't have the IT administrative experience necessary in this situation
The first problem here is you have no idea who should be responsible for the IT administration. You are assuming it is you, as the student employee.
As you correctly identify this is not a good situation.
To resolve this:
- Find out who is your previous bosses boss (ask him)
- Setup a conversation with that person
- Communicate "I do not have the necessary skills/abilities to fully be IT Administrator"
- Use this example. "We recently had a security attack and I am not knowledgeable enough to resolve this appropriately. This compromises personal information/etc"
- Make sure it is clear you are not experienced enough to manage the responsibilities.
Also, just a note which might be helpful - it ultimately is not your responsibility to be your previous bosses boss. You should not feel guilty/responsible for finding a replacement for your boss, as long as you have clearly communicated you are not able to fully perform his/her job.
answered Jul 14 '14 at 16:18
Elysian Fields♦
96.9k46292449
To clarify, it seems like my boss (The director of the department) and my supervisor have basically been hiring students as software developers and trying to push the network administration responsibilities off onto them. The previous students seemed to have attempted to administrate the network. I don't know the last time our department had a professionally hired administrator, but it seems like its been a pretty long time as I don't have access (usernames/passwords) to most of the servers we own. I've only ever heard of students handling the administrative responsibilities.
– user17647
Jul 14 '14 at 16:54
1
@user17647 another huge advantage to talking with a centralized group to resolve this is visibility into that problem.
– Elysian Fields♦
Jul 14 '14 at 16:58
I believe we have a meeting tomorrow morning with my supervisor, and the three other students working here as software developers. My boss may or may not be there. There is a new professionally hired person who's job is to manage our development. I am unsure what her role is at this point, and whether her responsibilities include IT Administration. I will definitely bring up the IT Administration responsibilities, but I have problems with being assertive and could use help with that as well.
– user17647
Jul 14 '14 at 17:11
suggest improvements |Â
up vote
11
down vote
accepted
up vote
11
down vote
accepted
You have a complicated situation.
The current situation - how to fix the immediate need
We know that someone has already breached authentication as other servers have reported that dictionary based attacks are being launched from our server's IP address
You have correctly identified this as a significant problem. An urgent one, in fact, not something you want to wait through the bureaucracy to fix.
Your university almost assuredly has a centralized IT department somewhere. You need to find contact information for them ASAP.
It sounds like the "who is your boss?" question is difficult to answer. Find contact information - preferably the physical location - for those at your university who can resolve this.
Then:
- Visit/contact your centralized IT department, preferably in person
- Doing this in person makes it much more likely
- Find someone there to talk with who has any technical background (even if the wrong person). Technical people are more likely to respond in a "you are right, this is important/urgent" manner and appreciate the importance of your situation
- Have them find you someone who has the appropriate skills
- Keep trying this until you find someone
- Describe the situation in as much detail as you can
- "Our server is compromised, we know this because other servers here are being hit from it"
- "I do not have the required skills to do this and our IT admin has quit"
- Ask this person for help resolving the situation
- No IT admin even remotely competent will expect a student to be able to fully resolve something like this
The underlying problem - who has responsibility for the IT Administration
However, the person who trained me and just quit is still listed as the IT Administrator by the University
I feel like I don't have the IT administrative experience necessary in this situation
The first problem here is you have no idea who should be responsible for the IT administration. You are assuming it is you, as the student employee.
As you correctly identify this is not a good situation.
To resolve this:
- Find out who is your previous bosses boss (ask him)
- Setup a conversation with that person
- Communicate "I do not have the necessary skills/abilities to fully be IT Administrator"
- Use this example. "We recently had a security attack and I am not knowledgeable enough to resolve this appropriately. This compromises personal information/etc"
- Make sure it is clear you are not experienced enough to manage the responsibilities.
Also, just a note which might be helpful - it ultimately is not your responsibility to be your previous bosses boss. You should not feel guilty/responsible for finding a replacement for your boss, as long as you have clearly communicated you are not able to fully perform his/her job.
answered Jul 14 '14 at 16:18
Elysian Fields♦
96.9k46292449
You have a complicated situation.
The current situation - how to fix the immediate need
We know that someone has already breached authentication as other servers have reported that dictionary based attacks are being launched from our server's IP address
You have correctly identified this as a significant problem. An urgent one, in fact, not something you want to wait through the bureaucracy to fix.
Your university almost assuredly has a centralized IT department somewhere. You need to find contact information for them ASAP.
It sounds like the "who is your boss?" question is difficult to answer. Find contact information - preferably the physical location - for those at your university who can resolve this.
Then:
- Visit/contact your centralized IT department, preferably in person
- Doing this in person makes it much more likely
- Find someone there to talk with who has any technical background (even if the wrong person). Technical people are more likely to respond in a "you are right, this is important/urgent" manner and appreciate the importance of your situation
- Have them find you someone who has the appropriate skills
- Keep trying this until you find someone
- Describe the situation in as much detail as you can
- "Our server is compromised, we know this because other servers here are being hit from it"
- "I do not have the required skills to do this and our IT admin has quit"
- Ask this person for help resolving the situation
- No IT admin even remotely competent will expect a student to be able to fully resolve something like this
The underlying problem - who has responsibility for the IT Administration
However, the person who trained me and just quit is still listed as the IT Administrator by the University
I feel like I don't have the IT administrative experience necessary in this situation
The first problem here is you have no idea who should be responsible for the IT administration. You are assuming it is you, as the student employee.
As you correctly identify this is not a good situation.
To resolve this:
- Find out who is your previous bosses boss (ask him)
- Setup a conversation with that person
- Communicate "I do not have the necessary skills/abilities to fully be IT Administrator"
- Use this example. "We recently had a security attack and I am not knowledgeable enough to resolve this appropriately. This compromises personal information/etc"
- Make sure it is clear you are not experienced enough to manage the responsibilities.
Also, just a note which might be helpful - it ultimately is not your responsibility to be your previous bosses boss. You should not feel guilty/responsible for finding a replacement for your boss, as long as you have clearly communicated you are not able to fully perform his/her job.
answered Jul 14 '14 at 16:18
Elysian Fields♦
96.9k46292449
edited Jul 14 '14 at 16:24
answered Jul 14 '14 at 16:18
Elysian Fields♦
96.9k46292449
answered Jul 14 '14 at 16:18
Elysian Fields♦
96.9k46292449
answered Jul 14 '14 at 16:18
Elysian Fields♦
96.9k46292449
96.9k46292449
To clarify, it seems like my boss (The director of the department) and my supervisor have basically been hiring students as software developers and trying to push the network administration responsibilities off onto them. The previous students seemed to have attempted to administrate the network. I don't know the last time our department had a professionally hired administrator, but it seems like its been a pretty long time as I don't have access (usernames/passwords) to most of the servers we own. I've only ever heard of students handling the administrative responsibilities.
– user17647
Jul 14 '14 at 16:54
1
@user17647 another huge advantage to talking with a centralized group to resolve this is visibility into that problem.
– Elysian Fields♦
Jul 14 '14 at 16:58
I believe we have a meeting tomorrow morning with my supervisor, and the three other students working here as software developers. My boss may or may not be there. There is a new professionally hired person who's job is to manage our development. I am unsure what her role is at this point, and whether her responsibilities include IT Administration. I will definitely bring up the IT Administration responsibilities, but I have problems with being assertive and could use help with that as well.
– user17647
Jul 14 '14 at 17:11
suggest improvements |Â
To clarify, it seems like my boss (The director of the department) and my supervisor have basically been hiring students as software developers and trying to push the network administration responsibilities off onto them. The previous students seemed to have attempted to administrate the network. I don't know the last time our department had a professionally hired administrator, but it seems like its been a pretty long time as I don't have access (usernames/passwords) to most of the servers we own. I've only ever heard of students handling the administrative responsibilities.
– user17647
Jul 14 '14 at 16:54
1
@user17647 another huge advantage to talking with a centralized group to resolve this is visibility into that problem.
– Elysian Fields♦
Jul 14 '14 at 16:58
I believe we have a meeting tomorrow morning with my supervisor, and the three other students working here as software developers. My boss may or may not be there. There is a new professionally hired person who's job is to manage our development. I am unsure what her role is at this point, and whether her responsibilities include IT Administration. I will definitely bring up the IT Administration responsibilities, but I have problems with being assertive and could use help with that as well.
– user17647
Jul 14 '14 at 17:11
To clarify, it seems like my boss (The director of the department) and my supervisor have basically been hiring students as software developers and trying to push the network administration responsibilities off onto them. The previous students seemed to have attempted to administrate the network. I don't know the last time our department had a professionally hired administrator, but it seems like its been a pretty long time as I don't have access (usernames/passwords) to most of the servers we own. I've only ever heard of students handling the administrative responsibilities.
– user17647
Jul 14 '14 at 16:54
To clarify, it seems like my boss (The director of the department) and my supervisor have basically been hiring students as software developers and trying to push the network administration responsibilities off onto them. The previous students seemed to have attempted to administrate the network. I don't know the last time our department had a professionally hired administrator, but it seems like its been a pretty long time as I don't have access (usernames/passwords) to most of the servers we own. I've only ever heard of students handling the administrative responsibilities.
– user17647
Jul 14 '14 at 16:54
1
1
@user17647 another huge advantage to talking with a centralized group to resolve this is visibility into that problem.
– Elysian Fields♦
Jul 14 '14 at 16:58
@user17647 another huge advantage to talking with a centralized group to resolve this is visibility into that problem.
– Elysian Fields♦
Jul 14 '14 at 16:58
I believe we have a meeting tomorrow morning with my supervisor, and the three other students working here as software developers. My boss may or may not be there. There is a new professionally hired person who's job is to manage our development. I am unsure what her role is at this point, and whether her responsibilities include IT Administration. I will definitely bring up the IT Administration responsibilities, but I have problems with being assertive and could use help with that as well.
– user17647
Jul 14 '14 at 17:11
I believe we have a meeting tomorrow morning with my supervisor, and the three other students working here as software developers. My boss may or may not be there. There is a new professionally hired person who's job is to manage our development. I am unsure what her role is at this point, and whether her responsibilities include IT Administration. I will definitely bring up the IT Administration responsibilities, but I have problems with being assertive and could use help with that as well.
– user17647
Jul 14 '14 at 17:11
suggest improvements |Â
up vote
3
down vote
- Inform your boss that the systems have been compromised.
- Ask for training in the admin side and indicate that you feel unable to take on any admin tasks until you have received such training. After all, nobody would be crazy enough to put an untrained student in charge all the IT admin would they...? That expectation would be completely unreasonable.
- If they expect you to deal with security threats you should also be receive separate training for that.
answered Jul 14 '14 at 15:18
Jaydee
17115
suggest improvements |Â
up vote
3
down vote
- Inform your boss that the systems have been compromised.
- Ask for training in the admin side and indicate that you feel unable to take on any admin tasks until you have received such training. After all, nobody would be crazy enough to put an untrained student in charge all the IT admin would they...? That expectation would be completely unreasonable.
- If they expect you to deal with security threats you should also be receive separate training for that.
answered Jul 14 '14 at 15:18
Jaydee
17115
suggest improvements |Â
up vote
3
down vote
up vote
3
down vote
- Inform your boss that the systems have been compromised.
- Ask for training in the admin side and indicate that you feel unable to take on any admin tasks until you have received such training. After all, nobody would be crazy enough to put an untrained student in charge all the IT admin would they...? That expectation would be completely unreasonable.
- If they expect you to deal with security threats you should also be receive separate training for that.
answered Jul 14 '14 at 15:18
Jaydee
17115
- Inform your boss that the systems have been compromised.
- Ask for training in the admin side and indicate that you feel unable to take on any admin tasks until you have received such training. After all, nobody would be crazy enough to put an untrained student in charge all the IT admin would they...? That expectation would be completely unreasonable.
- If they expect you to deal with security threats you should also be receive separate training for that.
answered Jul 14 '14 at 15:18
Jaydee
17115
answered Jul 14 '14 at 15:18
Jaydee
17115
answered Jul 14 '14 at 15:18
Jaydee
17115
answered Jul 14 '14 at 15:18
Jaydee
17115
17115
suggest improvements |Â
suggest improvements |Â
up vote
1
down vote
In addition to @Jeydee's fantastic answer, find an IT security expert ASAP if at all possible.
If this is a realtime threat that's happening right now, ask about and see if any colleagues, friends, or family can help provide immediate assistance. Explain it's an emergency, and why.
Fixing the long-term problem where you've been assigned duties you're not familiar with can wait until the crisis is averted, and everything is safe.
answered Jul 14 '14 at 15:50
yochannah
4,21462747
suggest improvements |Â
up vote
1
down vote
In addition to @Jeydee's fantastic answer, find an IT security expert ASAP if at all possible.
If this is a realtime threat that's happening right now, ask about and see if any colleagues, friends, or family can help provide immediate assistance. Explain it's an emergency, and why.
Fixing the long-term problem where you've been assigned duties you're not familiar with can wait until the crisis is averted, and everything is safe.
answered Jul 14 '14 at 15:50
yochannah
4,21462747
suggest improvements |Â
up vote
1
down vote
up vote
1
down vote
In addition to @Jeydee's fantastic answer, find an IT security expert ASAP if at all possible.
If this is a realtime threat that's happening right now, ask about and see if any colleagues, friends, or family can help provide immediate assistance. Explain it's an emergency, and why.
Fixing the long-term problem where you've been assigned duties you're not familiar with can wait until the crisis is averted, and everything is safe.
answered Jul 14 '14 at 15:50
yochannah
4,21462747
In addition to @Jeydee's fantastic answer, find an IT security expert ASAP if at all possible.
If this is a realtime threat that's happening right now, ask about and see if any colleagues, friends, or family can help provide immediate assistance. Explain it's an emergency, and why.
Fixing the long-term problem where you've been assigned duties you're not familiar with can wait until the crisis is averted, and everything is safe.
answered Jul 14 '14 at 15:50
yochannah
4,21462747
answered Jul 14 '14 at 15:50
yochannah
4,21462747
answered Jul 14 '14 at 15:50
yochannah
4,21462747
answered Jul 14 '14 at 15:50
yochannah
4,21462747
4,21462747
suggest improvements |Â
suggest improvements |Â
1
I guess the question is "Help! What do I do?"
– Jaydee
Jul 14 '14 at 15:14
3
Check the system logs on the server to find what IP the attack is coming from. Get on the proxy server and blacklist the IP where the attack is coming from. If your server is running a firewall, gat on the firewall and block the IP of the sourve of the attack.
– Vietnhi Phuvan
Jul 14 '14 at 15:14
1
You need to network with admins from other departments including the University's central IT and have them give you support. In fact, this is a situation that requires your University's central IT's immediate attention. You are in a situation where the first thing you need to know is whom to ask for help.
– Vietnhi Phuvan
Jul 14 '14 at 16:03
While you are checking the server's logs, take note of which user account is being targeted. If the user account is a non-admin account, your options include temporarily disabling the user account - that's especially important if said user account has admin privileges. Work with the owner of the user account to enable the user account, and make sure they use a strong password. If the user account is an admin account, use an online password strength checker to verify the strength of the admin password. If the admin password, immediately assign a much stronger password.
– Vietnhi Phuvan
Jul 14 '14 at 18:26
The dictionary based attack seems to be guessing usernames.
– user17647
Jul 15 '14 at 12:33