Anti-rogue defense: You can limit the damage individuals can do by implementing separation of duties and two-person controls, says Ken Ammon, chief strategy officer at Xceedium, a maker of appliances that manage how privileged users access key systems. That will ensure that sensitive tasks are performed by multiple people, and the same individuals don't have responsibility for both performing tasks and auditing how they're performed.
Rogue IT admin No. 2: The entrepreneur
You'd think keeping the lights on, the servers running, end-users happy (or at least not mutinous) and protecting the network from hackers and hooligans would be more than a full-time job for most admins. And yet, there's the occasional rogue who decides to open up a little side business at work -- on company time and using company equipment.
Heirmerl says he's encountered rogues using company servers to sell everything from pirated satellite equipment to tarot products. In the latter case, the entrepreneur's retail operation was discovered after he'd been laid off, and his replacement had unraveled the complex firewall rules the rogue created to allow him access to the network.
"Within 30 minutes after the firewall rules had been changed, the first admin called to complain that his access had been cut off," he says. "This was two weeks after he'd been let go. He was very insulted and thought it was totally unfair."
Winn Schwartau, chairman of smartphone security company Mobile Active Defense, says he was doing independent consulting for a financial services company in 2003 when it discovered one of its sys admins was running a fee-based porn site on his work desktop, using an external modem and a partitioned hard drive. The modem was discovered during a routine scan of the network for rogue communications devices, which led them to the porn site, Schwartau says.
The problem in cases like these is that no one else is watching, says Heirmerl.
"These people are not responsible to anyone," he says. "The guy running the tarot site configured the system audit logs to hide his behavior. They've got all the authority and no accountability."
Anti-rogue defense: Access and network management tools can go a long way toward preventing rogue activities, says SolarWinds' Stephens.
"There's no reason not to build in a management system that will notify you when someone is accessing systems they shouldn't or changing passwords, so you can investigate what's going on," he says. "Solid management software can protect you from these kinds of activities."
Rogue IT admin No. 3: The voyeur