When any new employee is hired at Repinski’s Furniture Express, on their first day, he or she receives a personalized “grand tour” of the main headquarters given by none other than Mr. Repinski – the company’s owner and CEO. During his tour, Adam was introduced to the financing group, the warehouse supervisor and his crew, the ladies who ran most of the front office, and other supporting personnel. After meeting with the PC technician, Mr. Repinski showed Adam the place where he would be spending much of his time - the server room.
Knowing that the Junior System Administrator position would involve Active Directory, Windows Server maintenance, some light SQL Server database administration, Adam expected that it would be a great way to learn the ropes. After all, being fresh out of college with only some help desk experience under his belt, he needed all the real world experience he could get!
What he didn’t expect though was to see was that it was all running on a single server.
Settling In
Not long after getting settled in, Adam received his first ticket – resolve a problem with the company’s misbehaving FTP site. For years, the FTP site was the favored way to share large files between the stores and HQ rather than over email. As Adam came to discover, both sides could anonymously write into the FTP site’s directory, making it act like a kind of shared network directory that was conveniently accessible over the Internet.
As a first step, Adam located the FTP directory and found it to be completely clogged with files. Not with purchase orders and spreadsheets though – oh no. Instead, it was filled with zip files, disc images for various commercial applications, and a few gigs of undecidedly “NSFW” material.
To get things up and running, Adam deleted the offending files, restarted the FTP service, but hesitated to continue. How did those weird files get there? After only a few minutes of investigating, Adam started feeling a sensation not unlike the one you get when walking past freshly obliterated road kill. He was going to need to pay Mr. Repinski a visit.
Minor Details!
After explaining about the strange and inappropriate files on the FTP server, Adam explained that steps should be taken to secure the server and, at minimum, users should have some kind of login to prevent more files from who-knows-where.
The high back chair let out a groan as Mr. Repinski leaned back. He crossed his hands over his midsection and with a furrowed brow began, “Most people here very UN-technical. Why you’d be spending your time resetting logons. Besides – I’m sure this was only a one-time incident.” He finished by waving his hand as if to brush away an invisible stink cloud.
Anticipating this kind of response, Adam was ready – “May I use your PC?” Barely waiting for permission, Adam entered the external IP of the company’s server into the browser’s search box. The home page for Repinski’s Furniture Express was the first hit – the company’s ftp site was number 2.
Again, Mr. Repinski wasn’t impressed, and in fact, slightly annoyed. “Pfft – again, not a big deal. Who’s going to search for our EXACT IP address?”
Adam then clicked on the link to access the company’s FTP site and then the “Up One Level” link revealing the C:\ of the server. Mouth agape, the CEO just hung there for a second before expelling “I can’t believe it – you just hacked the server!”, shortly before diving into a long, tirade.
Going, Going, Gone…
Adam arrived at work the next morning to find that a large table had been moved into the server room, upon which was placed an opened computer case - its guts spilling onto the table top. Overnight, the server had died in a most spectacular manner resulting in the autopsy.
A printout of the pulled HD’s directory listing showed that the drive was filled with the same type of files that he cleaned out the previous day, but the contents of the drive though wasn’t the impressive part - it was what was missing that was news. The company web page? Gone. Data backups? Gone. Financial information? Except for whatever could be salvaged from users’ computers – all gone. What they did have was a veritable cornucopia of porn.
Unsurprisingly for Adam he was fired shortly thereafter for “willful negligence” which had cost the company untold sums of money in the form of lost time and productivity. Taking the loss in stride, Adam applied around to other local companies where he found another spot as, again, a Junior System Administrator. In some ways, his job is somewhat similar – he still works on one server. One server out of dozens in a corporate data center that is.