2.4 The SysHackAdminer

2.4.1 Roles

2.4.2 Security strategy

The syshackadminer has only one security strategy, and that is to keep the system as secure as possible. This strategy can be broken into several components, which we describe below:

2.4.2.1 Proactive approach to security

The traditional system administration method is to wait for an error condition and then to resolve the problem. A proactive approach to security finds the error conditions before they occur so they can be fixed before they become a problem. There are two parts to this approach. They are discussed below.

Find the problem first
The syshackadminer, as part of being proactive about security, finds the problem situations before hackers can. In so doing, he can keep ahead of them. This is a hacker-type mindset. In this case, since it is legal, it is equivalent to hiring a tiger team. The advantage is that it is free of the risks of putting a stranger in charge of system security.
Resolve problems before others exploit them
This is the other component of the proactive stance to security. After the problems have been found, they need to be resolved before others exploit them. This is the role traditional system administrators play when an error condition arises.

2.4.2.2 No surprises

A big part of system administration is satisfying the users. This is the reason usability is favoured above security most of the time. The syshackadminer is primarily interested in the security of the system. He therefore considers security concerns before usability issues. He considers usability as something that needs to fit around security, not the other way round.

The syshackadminer works on a system of least trust. Since trust requires vulnerability, it is sidelined for security reasons. Only needed trust relationships are established. The syshackadminer adopts the best parts of the system administrator's security philosophies. In particular, security through backups and passwords forms a part of the security strategy. The difference here is that those security mechanisms are not the only security mechanisms that are relied on.

Favouring usability above security means that many dangerous services are provided (mostly unmonitored) on the remote chance that someone may want to use them. The syshackadminer provides only those services that are needed. That is, convenient services which are regarded as a system security risk may be terminated and potentially replaced with more secure ones. This model leaves few services that need to be monitored, which translates to fewer potential points of system security failure.

2.4.3 SysHackAdminer Ethics

2.4.3.1 Hacker Ethics

Two tenets of the hacker ethic are adopted. They are named below, together with our interpretations of them and the reasons for adopting them.

One can create beauty and art on a computer
Most people create something on computers. To them, whatever they have created may be beautiful. The syshackadminer also believes this and makes it his first priority to protect that beauty and art.
Computers can change your life for the better
With the growth in the number of people using computers and the Internet, society seems to believe in this tenet too. Losing valuable information through security incidents does not change people's lives for the better. The syshackadminer's role in system security reduces such losses.

2.4.3.2 System administrator ethics

The system administrator ethics are accepted as a whole and amended. The parts of the system administrator ethics which are amended are those that have to do with privacy issues. The syshackadminer's primary priority is ensuring the security of the system. If privacy issues interfere with system security, they will be overlooked. A provision for this may be made in the user policy.

2.4.4 Qualities

The syshackadminer's qualities can be summarized as follows:


Shaun Bangay
1998-11-19