Cisco Support Community

New Member

Please read - my butt is on the line


This may seem inappropriate but my butt is on the line, so please read on.

I have 2 developers who have domain admin rights in a Windows 2000 environment. I discovered on Friday that these 2 have been creating a VPN tunnel to another company's network and having several machines on that network interact with one of our machines on the internal network.

I escalated this issue to our collective supervisor. I know what his response was and I also know what mine was.

I can guarantee that there is going to be a big turf war over this one and so I seek your opinions.

Does this have the potential to become a large security issue?

Thanks all.

New Member

Re: Please read - my butt is on the line


Bad news. Essentially every rule and every policy in the security book has been broken. Depending on the level of security awareness and sophistication in your company, this could mushroom into a really big deal. There could be grounds for dismissing anyone connected with developers having domain admin rights. Equally there could be HR issues and legal liabilities pertaining to unauthorized access at the other company. The severity really boils down to the size of your company (and the other one) and the likelihood of someone making a big stink.

If anyone in your company was politically motivated to do damage to you, your supervisor or the developers, this is the ammunition they've been waiting for. Sorry for the bad news but yours is a potentially problematic situation.

Re: Please read - my butt is on the line

Well. I think the person's butt that is on the line is whoever gave domain admin rights to developers in the first place. That is the biggest breach of security. Developers are notorious for thinking they can do anything they want since they usually have to have local admin rights over their workstations. How was the tunneling discovered? Why was it allowed in the first place? Sounds like it is time to clean house as far as security goes. If you play this right I think you can come out smelling like a rose and getting your company to implement almost anything you want. Could those developers have been stealing trade secrets from your company and sending them elsewhere? Spin it, man, spin it!!

New Member

Re: Please read - my butt is on the line

Ummm.... Have they been using the Cisco client to VPN in to the other company? If so... connection is firewalled and other companies' machines CANNOT touch the rest of your network.

Now if they built a site to site tunnel using a router, PIX, or concentrator....... then where did you say the new network administrator position was opening up????
