Tuesday, January 6, 2009

What a hectic way to start the year 2009...

Welcome 2009... alhamdulillah, I have lived long enough to see yet another year. So many things happened in December 2008 that they are dragging on into this year. However, only now do I have the opportunity to update my blog, since I'm on a semester break.

Virus attacks...

Right before Raya Haji in December 2008, my company got a virus attack which was not that serious, but it really pissed off the users. What the virus did was set all the Word documents to hidden and create a copy of itself with an exe file.

The cleaning was very tedious because Symantec only released a counter signature 6 days after the outbreak! Now, I am seriously considering changing our enterprise AV.

Because Symantec was so slow in coming out with protection signatures, we got hit again, this time with a Worm early this year. Gosh! One down, yet another culprit showed up! This is even worse: the threat was low but the impact was very troublesome! It's obvious that everybody is trying to target Microsoft vulnerabilities, and this one is no exception.

This Worm knows that everywhere in the world the AD (this one is the real Active Directory okay, not that "AD" I mentioned before, hahahaha!) protects the network by locking IDs after 3 to 6 attempts to log in with an incorrect password. The initial intention was to prevent unauthorized users from hacking into the account. But this Worm is even smarter: it "purposely" triggered random passwords just to make the accounts get locked. Bloody genius! Instead of trying to steal passwords, it generated fake ones to lock the accounts and caused a Denial of Service (DoS). In other words, using the weapon (AD Security) against its own master.
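An added example, not part of the original post: one way to tell the lockout pattern described above apart from ordinary mistyped passwords is to flag any host whose failed logons hit several different accounts in a short window. The event IDs 4625 (failed logon) and 4740 (account locked out) assume a Windows Server 2008 or later Security log; the tuple layout, host names, accounts and thresholds are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

FAILED_LOGON = 4625     # assumption: Windows Server 2008+ Security log event IDs
ACCOUNT_LOCKED = 4740

# Constructed sample events: (time, event id, account, source host).
# PC-017 cycles through four accounts; PC-042 is one user mistyping a password.
SAMPLE = [(f"2009-01-05 09:00:{i:02d}", FAILED_LOGON, acct, "PC-017")
          for i, acct in enumerate(["alice", "bob", "carol", "dave"] * 3)]
SAMPLE += [("2009-01-05 09:00:12", ACCOUNT_LOCKED, a, "PC-017")
           for a in ["alice", "bob", "carol", "dave"]]
SAMPLE += [(f"2009-01-05 10:15:{i:02d}", FAILED_LOGON, "erin", "PC-042")
           for i in range(3)]
SAMPLE.append(("2009-01-05 10:15:03", ACCOUNT_LOCKED, "erin", "PC-042"))


def parse(rows):
    """Convert timestamp strings to datetime objects and sort by time."""
    return sorted((datetime.strptime(t, "%Y-%m-%d %H:%M:%S"), eid, acct, src)
                  for t, eid, acct, src in rows)


def lockout_storm_sources(rows, window=timedelta(minutes=5), min_accounts=3):
    """Return {source: accounts} for hosts whose failed logons touch at
    least min_accounts distinct accounts inside one sliding window."""
    fails_by_src = defaultdict(list)
    for ts, eid, acct, src in parse(rows):
        if eid == FAILED_LOGON:
            fails_by_src[src].append((ts, acct))
    flagged = {}
    for src, fails in fails_by_src.items():
        start = 0
        for end in range(len(fails)):
            # Shrink the window from the left until it spans <= `window`.
            while fails[end][0] - fails[start][0] > window:
                start += 1
            accounts = {a for _, a in fails[start:end + 1]}
            if len(accounts) >= min_accounts:
                flagged.setdefault(src, set()).update(accounts)
    return {src: sorted(accts) for src, accts in flagged.items()}


def locked_by_source(rows):
    """Group locked-out accounts by the host recorded on the lockout event."""
    locked = defaultdict(set)
    for _, eid, acct, src in parse(rows):
        if eid == ACCOUNT_LOCKED:
            locked[src].add(acct)
    return {src: sorted(accts) for src, accts in locked.items()}


if __name__ == "__main__":
    print("Suspected lockout-storm hosts:", lockout_storm_sources(SAMPLE))
    print("Lockouts by host:", locked_by_source(SAMPLE))
```

A host flagged here is the machine to isolate and clean first; a host with a single locked account, like PC-042 in the sample, is more likely a user who forgot a password.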

Killing two birds with one stone...

What I did was, I called all of my team and our AV vendor for a short incident resolution briefing. I listed down all that I wanted them to do and asked for feedback. As I went through, I did highlight that I am not just a new kid on the block. I was in the field before, doing what they are doing right now. 8 full years as a System Engineer, which must count for something, and not just any engineer but one Certified to carry out my tasks... only now I am doing full-time IT management in my current position.

I told them that whatever process they are so familiar with doing every day is NOT necessarily the right way. They had survived all these years merely because of luck, not because the process is correct. Only now, after the problem hit, do they know that it was not the best way after all. I reminded them to keep an open mind because there are so many ways of getting work done, and not to limit themselves just because they are comfortable with just one way of doing it.

Well, alhamdulillah, after the briefing the virus/worm cleaning exercise went smoothly, and until today everything is running fine and no new threats have been detected.

Moving on...

This is what I learned from all this... you don't have to shout or raise your voice to make people realize their mistakes. You don't have to 'downgrade' people to prove how good you are. You don't have to react immediately when people piss you off, because in some cases it will just make things even worse.

It's a kind of "Reverse Psychology"... share your experience or achievements and be knowledgeable enough that eventually these kinds of people will realize on their own where they stand. It works so far :)