PSA: don't circumvent your company's pc security setup

[Jawo]

Originally posted by: jtvang125

Originally posted by: NuclearNed

Originally posted by: BillGates

Originally posted by: azazyel
They have computers in Tennessee? Well...who would have thunk that!

Don't kid yourself - they don't even have electricity there.

We got a real sweet deal on a whole bunch of laptops from a company called Etch-o-sketch. Who needs Dell?

You mean those cute, red tablet PCs?

oh no!!! my entire screen just erased all of my work!!!!:Q

 

[Armitage]

From the other side of the cubicle wall - if you don't make everything so slow, difficult, convoluted or impossible in the name of security then users wouldn't be so tempted to find ways around it.

Not saying that your shop is like that - sounds like a very reasonable issue (getting the new guy his own account), but I've seen enough that are. I've seen some places where the emphasis on security was extreme to say the least. But account sharing was rampant because the access was so segragated and getting accounts took alot of paperwork and time (weeks). By turning the screws to tight they hurt their security more then they helped it.

Another example - absurdly resource intensive virus scans. At an old job people were always looking for ways to disable/break the virus scan because it was so obtrusive. The computer was basically not usable for an hour or so while it ran, and you couldn't postpone it. It was supposed to run at night, but would sometimes run on a reboot. And sometimes you were working late and it would come on. But whenever you bitched, IT ran up the SECURITY flag and you got nowhere.

The most secure computer is an unplugged one. Of course you can't get anything done with it. There needs to be some compromise between security and usability.

edit - and yea, having root on your own box just rocks

 

[Gravity]

My NA works directly for me.

He showed me how to use Altruis now regrets it!!

 

[tami]

so who did what? did s/he get fired?

 

[ISAslot]

Originally posted by: jtvang125

Originally posted by: NuclearNed

Originally posted by: BillGates

Originally posted by: azazyel
They have computers in Tennessee? Well...who would have thunk that!

Don't kid yourself - they don't even have electricity there.

We got a real sweet deal on a whole bunch of laptops from a company called Etch-o-sketch. Who needs Dell?

You mean those cute, red tablet PCs?

The mouse contols suck.

and they only run an enhanced version of MS paint.

 

[The Sauce]

Originally posted by: NuclearNed
We, your friendly company computer professionals, have lots of really good reasons that we tighten the security on company pcs like we do. We don't do it for fun. We do it because deep down, we love you and care for you and want to keep you from getting yourself in trouble. We know that temptation goes hand in hand with computer use, and we like to steer you towards the bright path of doing the right thing. It takes time and effort on our behalf, but by golly, you are worth it. We like you, and we want you to like us too.

So it really pains us when you go to such great lengths to violate company policy and circumvent every bit of security that we have implemented. It kind of feels like the most wretched of betrayals. No, rather, it feels like your cherished first love ripped your beating heart out of your love-struck chest and took a heaping beer - asparagus - nacho dump on it right in front of your grandmother. And that makes us feel, well, sad and empty inside.

So please, please, please think of us and our tender feelings the next time you want to endanger your precious job by either logging into a secure network, then allowing someone else to do work under your account, or vice-versa. You'll feel better about yourself in the long run, and we'll continue to live in blessed harmony.

No, actually what it represents is not love, but rather an abuse of power. When small people are put in smaller positions where they have a limited but definite degree of power to control something, they invariably will abuse that privilege - i.e. the mini-Nazi phenomenon. You feel that you must assert yourself to control what other people are doing under your purvey in order to justify your meaning in life, and so find any reason to limit or restrict that activity that people must answer to you for. What you have said is akin to saying "you are too stupid to know how to do the right thing, so we won't let you." That is fascism and you, sir, are a mini dictator in your own, sad little, end-of-the-road country (job).

 

[biostud]

but you never give me acces to torrents and pr0n when I ask nicely

 

[NuclearNed]

Originally posted by: tami
so who did what? did s/he get fired?

I don't know for sure what happened, but the guys probably didn't get fired. Most likely, they got a stern lecture from our security department.

 

[NuclearNed]

Originally posted by: Snatchface

Originally posted by: NuclearNed
We, your friendly company computer professionals, have lots of really good reasons that we tighten the security on company pcs like we do. We don't do it for fun. We do it because deep down, we love you and care for you and want to keep you from getting yourself in trouble. We know that temptation goes hand in hand with computer use, and we like to steer you towards the bright path of doing the right thing. It takes time and effort on our behalf, but by golly, you are worth it. We like you, and we want you to like us too.

So it really pains us when you go to such great lengths to violate company policy and circumvent every bit of security that we have implemented. It kind of feels like the most wretched of betrayals. No, rather, it feels like your cherished first love ripped your beating heart out of your love-struck chest and took a heaping beer - asparagus - nacho dump on it right in front of your grandmother. And that makes us feel, well, sad and empty inside.

So please, please, please think of us and our tender feelings the next time you want to endanger your precious job by either logging into a secure network, then allowing someone else to do work under your account, or vice-versa. You'll feel better about yourself in the long run, and we'll continue to live in blessed harmony.

No, actually what it represents is not love, but rather an abuse of power. When small people are put in smaller positions where they have a limited but definite degree of power to control something, they invariably will abuse that privilege - i.e. the mini-Nazi phenomenon. You feel that you must assert yourself to control what other people are doing under your purvey in order to justify your meaning in life, and so find any reason to limit or restrict that activity that people must answer to you for. What you have said is akin to saying "you are too stupid to know how to do the right thing, so we won't let you." That is fascism and you, sir, are a mini dictator in your own, sad little, end-of-the-road country (job).

First off, the original post was just pregnant with sarcasm and creative writing.

That said, your post is about as stupid as I have ever seen. We don't secure our networks because we think our people are idiots. On the contrary, our company hires only bright people who have proven that they are competent in all sorts of different ways. We protect our network because, like all companies, there are things that we wouldn't want outside interests to know about us. Some of these outside interests are our own employees. It is the entire "need to know" concept - some people just don't need to know certain aspects of our business. For example, I'm sure you wouldn't want your personal information and salary posted on a public network for all to see. Comparing this to fascism is idiotic, and saying that I'm a mini dictator only proves that you don't have a clue.

 

[The Sauce]

I have been quite frustrated recently with my IS Dept over this exact issue. I am a physician working in a hospital. Due to their restrictions on surfing and use of a proprietary program (Websense), which is not intended for medical purposes, I am no longer able to do online clinical research to take care of the patients I see on a daily basis. My effectiveness as a physician and my ability to care for patients is diminished due to my IS dept. They refuse to remove these restrictions for no good reason that they can elaborate upon. They have suggested that I forward them the addresses of blocked sites so that they can remove them, manually, one by one...all 10 million of them. I suggested that they do a google search for "sexually transmitted disease" and start by removing everything that comes up...no response yet. These people are just thrilled that they have the power to deny professionals critical tools due only to the simple fact that they can. Protecting sensitive internal data is one thing...protecting employees from themselves and restricting access to critical services in the process is lunacy. I justify any conceivable circumvention under those circumstances.

 

[Linflas]

Originally posted by: Krk3561
My high school had Novell set up and they blocked you from accessing certain sites like espn.com or aol.com, in addition to adult material, but I found that if you disabled internet proxy in windows registry (which i got to thru command prompt), then you could visit any site, but they could still see the sites you went to. Then I figured out that if you logged in under the username administrator there was no password. Overall the network was very insecure.

They probably were depending on ZEN to push down policy to rename the admin account to whatever ID their admin uses. I found some of my schools had that problem as well and fixed it locally until they got the policy working correctly. Same with access to the local drive, command prompt etc. We lock the student account out of all of that through policy as well and if the policy is not set correctly for the container well...:disgust:

 

[Rogue]

Originally posted by: Snatchface
I have been quite frustrated recently with my IS Dept over this exact issue. I am a physician working in a hospital. Due to their restrictions on surfing and use of a proprietary program (Websense), which is not intended for medical purposes, I am no longer able to do online clinical research to take care of the patients I see on a daily basis. My effectiveness as a physician and my ability to care for patients is diminished due to my IS dept. They refuse to remove these restrictions for no good reason that they can elaborate upon. They have suggested that I forward them the addresses of blocked sites so that they can remove them, manually, one by one...all 10 million of them. I suggested that they do a google search for "sexually transmitted disease" and start by removing everything that comes up...no response yet. These people are just thrilled that they have the power to deny professionals critical tools due only to the simple fact that they can. Protecting sensitive internal data is one thing...protecting employees from themselves and restricting access to critical services in the process is lunacy. I justify any conceivable circumvention under those circumstances.

It's quite possible they are complying with overly restrictive federal regulations which are also broadly vague at the same time, AKA HIPAA. Before you just arbitrarily call them mini-Nazis or whatever you want to call them, walk in and simply ask them why they are blocking certain things and express a desire to help them improve the system for everyone. I warn you though, come at them with attitude and a line of bull$hit about how your favorite porn site is related to your study of gynecology and you'll regret ever walking in there in the first place.

 

[Linflas]

Originally posted by: Rogue

Originally posted by: Snatchface
I have been quite frustrated recently with my IS Dept over this exact issue. I am a physician working in a hospital. Due to their restrictions on surfing and use of a proprietary program (Websense), which is not intended for medical purposes, I am no longer able to do online clinical research to take care of the patients I see on a daily basis. My effectiveness as a physician and my ability to care for patients is diminished due to my IS dept. They refuse to remove these restrictions for no good reason that they can elaborate upon. They have suggested that I forward them the addresses of blocked sites so that they can remove them, manually, one by one...all 10 million of them. I suggested that they do a google search for "sexually transmitted disease" and start by removing everything that comes up...no response yet. These people are just thrilled that they have the power to deny professionals critical tools due only to the simple fact that they can. Protecting sensitive internal data is one thing...protecting employees from themselves and restricting access to critical services in the process is lunacy. I justify any conceivable circumvention under those circumstances.

It's quite possible they are complying with overly restrictive federal regulations which are also broadly vague at the same time, AKA HIPAA. Before you just arbitrarily call them mini-Nazis or whatever you want to call them, walk in and simply ask them why they are blocking certain things and express a desire to help them improve the system for everyone. I warn you though, come at them with attitude and a line of bull$hit about how your favorite porn site is related to your study of gynecology and you'll regret ever walking in there in the first place.

I worked for a year doing network support for Chief of Naval Ops/Secretary of the Navy LANs in the Pentagon. Generally the people in CNO were all military and whatever we said they accepted. On the SecNav side they were mostly civilian civil service types and would play politics to try and get around almost any policy that was put in place. My favorite was this one guy that objected when the powers that be decided that they wanted Real Audio streaming shutdown. His approach was to open a ticket that said something to the effect of "I want to know if anyone is reviewing the policy of restricting Real Audio streams or are we not going to be able to listen to things like NPRs series on 'Women in the Military'?". I think someone gently pointed out to him that it was pretty easy to pick up NPR broadcasts with a radio since we were right across the river from the transmitters.

 

[Rogue]

Originally posted by: Linflas

Originally posted by: Rogue

Originally posted by: Snatchface
I have been quite frustrated recently with my IS Dept over this exact issue. I am a physician working in a hospital. Due to their restrictions on surfing and use of a proprietary program (Websense), which is not intended for medical purposes, I am no longer able to do online clinical research to take care of the patients I see on a daily basis. My effectiveness as a physician and my ability to care for patients is diminished due to my IS dept. They refuse to remove these restrictions for no good reason that they can elaborate upon. They have suggested that I forward them the addresses of blocked sites so that they can remove them, manually, one by one...all 10 million of them. I suggested that they do a google search for "sexually transmitted disease" and start by removing everything that comes up...no response yet. These people are just thrilled that they have the power to deny professionals critical tools due only to the simple fact that they can. Protecting sensitive internal data is one thing...protecting employees from themselves and restricting access to critical services in the process is lunacy. I justify any conceivable circumvention under those circumstances.

It's quite possible they are complying with overly restrictive federal regulations which are also broadly vague at the same time, AKA HIPAA. Before you just arbitrarily call them mini-Nazis or whatever you want to call them, walk in and simply ask them why they are blocking certain things and express a desire to help them improve the system for everyone. I warn you though, come at them with attitude and a line of bull$hit about how your favorite porn site is related to your study of gynecology and you'll regret ever walking in there in the first place.

I worked for a year doing network support for Chief of Naval Ops/Secretary of the Navy LANs in the Pentagon. Generally the people in CNO were all military and whatever we said they accepted. On the SecNav side they were mostly civilian civil service types and would play politics to try and get around almost any policy that was put in place. My favorite was this one guy that objected when the powers that be decided that they wanted Real Audio streaming shutdown. His approach was to open a ticket that said something to the effect of "I want to know if anyone is reviewing the policy of restricting Real Audio streams or are we not going to be able to listen to things like NPRs series on 'Women in the Military'?". I think someone gently pointed out to him that it was pretty easy to pick up NPR broadcasts with a radio since we were right across the river from the transmitters.

I work for an Army IT shop currently and we fight the same thing almost daily. It is clearly written in the regulation that streaming media is to be used in only limited circumstances but people continually fight it. I'm about to kill it off completely though with our new proxies we just got. The policy is clear and I have the blessings of my superiors, so it's full steam ahead!

 

[EULA]

The last person that violated my security policy was forced to use a word processor for the remainder of their employment.