THE DIARY OF A GEEK IN OXFORDSHIRE


Solving the World's problems with common sense and a flamethrower.

Tuesday, March 18, 2008

What We Have Here, Is Failure To Communicate!

Communication, as we know, is an important thing.

However, while WE know that, our dear, esteemed Management seem to have missed the particular memo.

I'd like, therefore, to share with you two instances of supreme stupidity in Manglement communication, of differing types, for your entertainment and edification...

1. "Do What We *WANT*, Not What We Ask For!"

So. Yesterday we have a call logged by Manglement to the Security Team (me), and the request said thusly:

"Remove $COMPANY users from firewall."

Less than an hour later, this request is backed up by an email from said Mangler, saying "These need to be handled fairly swiftly (in other words they are 'easy wins')".

No problem. On to the firewall, and spend an enjoyable few minutes deleting accounts. I find that nuking accounts is always a pleasurable part of the day.

Once the deletions have been done, I fire off an email to the company concerned and the instigating Mangler, advising them of completion and providing a complete list of the deleted accounts and the remaining extant ones.

Nobody complains. Nobody. Not a word.

Fast forward to this morning, and a telephone call comes in from one of the recently-removed VPN users, complaining that they, and their cow-orkers, are unable to connect.

Well, DUH.

However, in the spirit of inter-departmental co-operation, I decide to give Manglement a quick call and let them know that someone Up There has neglected to tell anyone else what was about to happen.

"Oh, no!" is his terror-stricken response. "That wasn't supposed to happen - you were supposed to remove SURPLUS users! That's what we meant!".

"Well, the email and service request said you wanted all the users removed."

"I know, but that was a mistake - we didn't mean it! You'll have to fix it!".

< sigh >

Cue 4 hours of restoring users from backup configs, and calling round to check the lusers can all connect.

The fsking luser even tried to say it was OUR fault! No chance, pal - I've got the mails and the original call notes.

Clearly I missed the Cisco training module 'How to read between the lines of ignorant and incomplete Manglement requests'.

2. Did You Need To Know That?

An Email Arrives.

The Mangler in this case, wanted to know the IP address a Remote Luser had connected to their firewall FROM.

One quick check, and I fire off a response with the source IP, and suggest she verifies it by getting Remote Luser to verify it on whatismyip.com.

Quicker than a luser heading for the donuts, she dashes off her reply - and it's a reply that fills me with dread and resignation.

"Oh, no", she says. I didn't need that information - I put the wrong thing in the email. What I wanted to know was what else she connected to afterward, as she's introduced a worm onto our network. Sorry, should I have mentioned that?"

< Gnnnn... >

'Nuff said, really.

Well, as it turns out, we don't manage any of the devices that got affected, our firewalls don't allow traffic inbound from the client in question, so we're safe.

Tomorrow will be spent crafting the carefully-worded email explaining exactly why I don't care that Remote Luser infected them, and perhaps suggesting that next time they pick up an infection they might like to tell us about it somewhat quicker than today.

As for Remote Luser - well, there will be LARTage, of that you can be assured. The Mangler resposible for my earlier suffering will be made to pay as well, in new and interesting ways.

Mark my words, There Will Be A Reckoning.

And, I think, a few lessons in communicating properly.

3 comments:

Faouq Taj said...

Accepting change requests from users via email is always dangerous. This is why I prefer getting them to fill in an on-line form. Otherwise when there's a screw up you end up forwarding a long list of emails to everyone concerned.

Dungeekin said...

Hi Farouq, and thanks for reading.

The original request wasn't via email - it was logged by one of our own Managers, directly into our ticket handling system.

The email in question came later, as a *prod* to get us peons working faster on the call in question!

The lesson we've all learned for Next Time - is not to trust the requests of the Mangler concerned! I'm sure that after having every single call questioned and checked for accuracy for a couple of weeks, they'll understand the necessity of clear and accurate information-sharing.

Regards

Neil

ShapeThrower said...

These sorts of things are the exact reason why my email database is so huge ... There's no such thing as "too much evidence" when it comes to Luser/Manglement stupidity ...