2014 was waning, and Stacy’s team was struggling to deliver all the projects the director wanted before year-end. Insuracorp was a small, and that meant IT had a minuscule head-count. This meant they needed to bring on a Highly Paid Consultant for the last project, Codename: Lockport.
A manager had read a dire article about hackers dropping thumb drives in a parking lot, which their victims then picked up and plugged into their computers. This meant that it was now absolutely vital for the organization to ban all unapproved USB devices from being connected to the company systems. George, the HPC, was a hardware expert, so he’d been running the show on Lockport while Stacy and her teammates cranked through the rest of the project list: upgrade mailservers here, replace a macro-laden Excel sheet with actual software there, discover that an Access database was suddenly “critical to business operations”, and the business wanted it ported to SharePoint. It had been a busy year, and Stacy was ignorant of George’s progress until her boss, Jeff, appeared in her cube one day.
“Morning, Stace! Great work on that Exchange migration. I need a favor: George really could use a hand with Lockport. I’m not sure what the issue is, but he’s not making quite as much progress as we’d like, and year-end is closing in on us. If you could give him a hand, that’d be great.”
Stacy obliged, and took the elevator down to the basement room where George waited. His shiny bald spot was the only thing visible above the piles of USB devices teetering on every surface of his makeshift office.
“George?” Stacy was inclined to whisper, fearing the slightest reverberation would bury her co-worker alive.
“Can’t figure out…” George said, trailing off into mumbled profanity. Stacy approached carefully, finding the round, red-faced man hunched over his laptop, popping the USB cable of a mouse into and out of each port in turn, as though performing a Zen ritual.
“George? It’s Stacy, from upstairs. Jeff asked me to come down and see if you needed a hand?”
“Not unless you can find a way to keep a USB device on the whitelist when its hardware ID changes every time!”
That took Stacy aback. USB hardware IDs were burned into the device by the manufacturer, and she wasn’t aware of any circumstances under which they could change. Then again, George was the “expert”. Maybe he was doing something unusual.
“I didn’t think that was possible. Can you show me?”
Stacy peered over a stack of removable hard drives, careful not to send the pile tumbling to the floor. George was using an app called DevViewer to see the hardware IDs of the devices he was testing. The window showed a simple tree-view that organized all connected devices by category. He pointed to the mouse, named VID_081&PIT_1001
, under the Human Interface Devices category, and told Stacy to watch closely. He unplugged the mouse; its entry vanished from the list. After a five-count, he plugged it into a different port. He immediately selected the last device in the HID category, outlining its ID in a damning blue highlight: VID_0A81&PID_3016
.
“SEE?!” George said. “It’s that… that dam PID! How am I supposed to whitelist all of these in the Endpoint Protector whet the Port ID changes every time I plug them into a different port?”
Stacy blinked rapidly, wondering if the dusty atmosphere of the basement had messed with her vision: she was quite sure there had been three devices in the HID section, and now there were only two.
“Is the…” Before Stacy could finish her thought, George yanked the mouse out of the second port and jammed it into a third.
“And this time it’s the same! It’s maddening!”
Before George could pull the plug once more, Stacy reached over and clicked on the disclosure button for the “Other Devices” tree. There, plain as day, was VID_0A81&PID_1001
. “Now, just give it a second,” Stacy said. Sure enough, the mouse’s ID vanished from “Other Devices” moments later, only to reappear under HID.
“When you first plug it in,” Stacy said, “it takes a few seconds to load the device drivers. Until it does, the device just registers as ‘Other’, and that’s why it looks like the IDs are changing. They’re just moving between the two lists.”
George sat back, eying the devices heaped around him. He looked everywhere but towards Stacy. She’d just shown, with a simple observation, that the past few weeks of struggle against capricious device IDs had been pointless.
Stacy tried to fill the silence. “I guess that’s why a second pair of eyes is always useful, huh?” A twitch in his left eyebrow was George’s only response.
Though he never spoke to Stacy directly, George managed to communicate through Jeff that her input was no longer required. She figured he hadn’t liked being shown up, and was more than happy not to visit the basement again. Stacy returned to her project list and forgot about Codename: Lockport.
The year wound down, and on New Year’s Even, Insuracorp’s virtual server environment ground to a complete and total halt. Access Denied and Unexpected Error dialogs graced the screens of every workstation, and Jeff scrambled the IT squad to investigate.
“Stacy, look at this,” Steve said, pointing to the dashboard of the database server he administered. “The system disk is here, but it says all the other drives, including the data drives, are unmounted! Could this have to do with Codename: Hot Potato?”
Stacy scanned the list of red-lit, unmounted drives, her teeth clenched. Hot Potato was a virtualization project she and a few virtualization specialists had wrapped up. Its purpose was to reconfigure several dozen VMs so they could hot-add CPU and RAM. That mode was all-or-nothing: the VM disks became hot-addable as well, causing them to be treated as removable storage.
“Removable storage,” Stacy muttered to herself.
“Huh?” Steve said.
“… like they were USB drives. Jeff!” Stacy yelled across the cube farm, prompting her boss to jog over.
“What’s up? Figured it out?”
“That depends. What’s the latest status on Codename: Lockport?”
“Hmm…” Jeff consulted a spreadsheet, awkwardly loaded and displayed on his omnipresent BlackBerry. “Right. Since the Endpoint Protection config never panned out, George decided to block all USB drives via group policy. Looked good on his test machines, so he rolled it into Production…” Jeff looked up, chewing his lip, “this morning.”
Stacy made an unhappy sound that rhymed with “duck”. Steve looked between the two, knowing only that whatever was going on wasn’t good. As a junior database admin, he hadn’t been privy to either Hot Potato or Lockport. “Guys?” He asked, “What are we going to do?”
“We’re going to revoke that group policy,” Stacy said. “Then the VMs won’t be banned from accessing their own storage, and then we can have George give Endpoint Protection another go.”
“Forget it,” Jeff said. “It’s a new year, and I think it’s time for a new hardware ‘expert’.”