The Moron Contract

We build networks in very specific ways for a lot of reasons. Proper resource utilization, security, segmentation, etc. Every network should have a demilitarized zone (DMZ) where web applications can create sockets to internal servers. It allows traffic to take a stop and be further inspected before allowing it to reach core or sensitive infrastructure for a network.

I had a request recently for someone who wanted to allow his unsecured development application to talk directly to the internet and our internal corporate network. The issue was time sensitive, so rather than take the proper channel and set up the application in the DMZ, a supervisor requested that the firewall rules be opened up to allow all communication for this application to proceed unsupervised.

That was gonna be a no from me, but we received so much push back from the supervisor, I filled and printed out a “moron contract” that I found on Reddit a couple years ago and asked him to sign it. It looks like this:

I, (moron’s name), in my authority as (position) of (company), am hereby directing (your name) to do (dumb thing).
I have been advised that (dumb thing) is a bad idea, is against industry best practices, and is likely to cause problems including but not limited to (list of problems). If these problems occur, they are likely to harm the business by (list of consequences here). Additionally, doing this could open the business to liability from (customers/vendors/employees/government/other) because (explain).
Understanding the consequences of doing (dumb thing), and knowing that better options are available, I still choose to order (your name) to proceed with (dumb thing) against his advice. I accept any and all liability that may come from (dumb thing)‘s likely consequences, and I agree that (your name) will be held harmless and blameless if/when any negative consequences occur.
Signed,
(moron)

After he reviewed it with the proper information filled in, he was hesitant on opening up these firewall rules and followed the proper procedure to get the application built in our DMZ.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s