|
Inspector_666 posted:Windows server makes it trivial to add reservations, although I guess you'd kind of be assigning IPs willy-nilly...
|
# ? Aug 1, 2017 07:19 |
|
|
# ? Jun 7, 2024 12:45 |
|
evobatman posted:At a previous job, if you didn't lock your laptop to your desk and the security team saw that it sat there unattended while you were away, they would just grab it. You then had to go and explain to them why you hadn't locked it down and how you would never do it again. at my current job, if anybody touches my computer, i scream at them
|
# ? Aug 1, 2017 07:20 |
|
evobatman posted:At a previous job, if you didn't lock your laptop to your desk and the security team saw that it sat there unattended while you were away, they would just grab it. You then had to go and explain to them why you hadn't locked it down and how you would never do it again. How big was that company? If someone tried this stunt on me, that someone would find themselves without a job in short order.
|
# ? Aug 1, 2017 12:29 |
|
Wibla posted:How big was that company? Depends what the policies are. If the policy is to lock your laptop when you are gone, and you don't, that's on you.
|
# ? Aug 1, 2017 12:34 |
|
GreenNight posted:Depends what the policies are. If the policy is to lock your laptop when you are gone, and you don't, that's on you. Yeah, I was referring to my current work situation. I used to work in the navy before, and that was (obviously) a lot stricter. With good reason. We work with critical public infrastructure, so I've wanted to restrict access to all data relating to them, but haven't had much luck as of yet. Not sure if it's worth dying on that hill either...
|
# ? Aug 1, 2017 12:41 |
|
Wibla posted:Yeah, I was referring to my current work situation. I used to work in the navy before, and that was (obviously) a lot stricter. With good reason. Perform a very well documented fighting retreat, so when you're on the nightly news, you can say 'I tried my best, but leadership didn't want to hear anything about it, and refused to budget for any of it'.
|
# ? Aug 1, 2017 13:27 |
|
evobatman posted:At a previous job, if you didn't lock your laptop to your desk and the security team saw that it sat there unattended while you were away, they would just grab it. You then had to go and explain to them why you hadn't locked it down and how you would never do it again. I feel like better physical security at the doors and good camera coverage are a better solution than these dumb locks. Seems like there are a very wide range of non-petty options to try.
|
# ? Aug 1, 2017 13:48 |
|
Dumb locks are cheaper than cameras and door security. Always the cheapest option is tried first.
|
# ? Aug 1, 2017 13:50 |
Collateral Damage posted:Having your IPs in a set order or reserving certain spans to certain devices is a pointless exercise though. Set up your DNS properly and stop thinking about IP numbers. It's insane how hard it is to convince people of this. Resolve by hostname and all your problems are solved! But some people straight up don't understand why or come up with stupid reasons for reserving 30 IP addresses and using static IPs for everything.
|
|
# ? Aug 1, 2017 14:07 |
|
We use static IP's for printers, servers, etc. Been like this for 15 years and change is hard.
|
# ? Aug 1, 2017 14:11 |
|
GreenNight posted:We use static IP's for printers, servers, etc. Been like this for 15 years and change is hard. We can't change printers to DHCP because our internal programmers don't trust DNS
|
# ? Aug 1, 2017 14:26 |
So at our radio station, IT is part of Engineering, which tends to be a do-all. From the actual broadcasting infrastructure to hauling up printers and copiers, the latter because we're a union building and if the delivery guys don't have a union card they aren't allowed to work in the building. We also do some basic repairs and stuff. A ticket came in... From: Receptionist To: Engineering Department Subject: FW: Garbage Bags Date: 8/1/17, 9:34 AM quote:From: Receptionist The line between computer janitor and literal janitor blurs a bit, in the wrong direction
|
|
# ? Aug 1, 2017 14:39 |
|
evobatman posted:At a previous job, if you didn't lock your laptop to your desk and the security team saw that it sat there unattended while you were away, they would just grab it. You then had to go and explain to them why you hadn't locked it down and how you would never do it again.
|
# ? Aug 1, 2017 14:47 |
|
AAAAA! Real Muenster posted:At my current job, if you dont lock your computer when you walk away from your desk, anyone on your team can call you out and you have to buy doughnuts for the team the next day. If I can't expense them then no.
|
# ? Aug 1, 2017 14:55 |
|
Way to not be a team player.
|
# ? Aug 1, 2017 14:56 |
|
milk milk lemonade posted:It's insane how hard it is to convince people of this. Resolve by hostname and all your problems are solved! But some people straight up don't understand why or come up with stupid reasons for reserving 30 IP addresses and using static IPs for everything. It took our IT a while to come around, but it finally happened. We use Windows DHCP/DNS. Device tells DHCP its hostname, DHCP updates DNS. We do use reservations on a handful of devices due to some software that doesn't support hostname entry, so those devices always have the same IP.
|
# ? Aug 1, 2017 14:58 |
|
milk milk lemonade posted:It's insane how hard it is to convince people of this. Resolve by hostname and all your problems are solved! But some people straight up don't understand why or come up with stupid reasons for reserving 30 IP addresses and using static IPs for everything. Because Macs don't like to add printers via hostname.
|
# ? Aug 1, 2017 15:01 |
|
Bohemian Cowabunga posted:We can't change printers to DHCP because our internal programmers don't trust DNS The latest Reddit IT meme is blaming everything on DNS. Apparently name resolution is an arcane process ruining everything.
|
# ? Aug 1, 2017 15:03 |
|
Sickening posted:If I can't expense them then no. Due to lack of donuts, computers now lock after 1 minute of inactivity.
|
# ? Aug 1, 2017 15:04 |
|
MJP posted:So at our radio station, IT is part of Engineering, which tends to be a do-all. From the actual broadcasting infrastructure to hauling up printers and copiers, the latter because we're a union building and if the delivery guys don't have a union card they aren't allowed to work in the building. We also do some basic repairs and stuff. Sound the larchesdanrew klaxon.
|
# ? Aug 1, 2017 15:48 |
|
Wibla posted:Yeah, I was referring to my current work situation. I used to work in the navy before, and that was (obviously) a lot stricter. With good reason. Just casually let some pentester/Black hat/homeless person tailgate someone in and see what happens when a laptop goes missing. Pretty sure policy will change soon after.
|
# ? Aug 1, 2017 15:50 |
Fil5000 posted:Sound the larchesdanrew klaxon. My boss gave me carte blanche to do absolutely nothing when the "please fix X" or other non-IT requests come in. My co-workers on the radio side are usually the ones expected to do those, and I offer to help them if they ever need extra hands. I'm less concerned about asinine tasks when I think about what's going to happen with the terrestrial radio industry or how I'd grow my career when I'm basically the guy who runs IT (my boss is my escalation point and budget approver, but I sorta have free reign within reason) without having to move to the corporate HQ which is in a whole other state elsewhere in the country.
|
|
# ? Aug 1, 2017 15:53 |
|
Sickening posted:If I can't expense them then no. Your options are this or eat a write up for your lax personal security. Bonus points involved the desktop and boot up sound getting changed to something suitably attention grabbing. The people who do this poo poo leave wide open admin and root access consoles all the loving time, there's no excuse not to loving slap WIN+L every time you leave your desk. How many conversations has this thread seen about allowing physical access to people just because they looked like they were supposed to be there?
|
# ? Aug 1, 2017 16:19 |
|
Raerlynn posted:Your options are this or eat a write up for your lax personal security. Bonus points involved the desktop and boot up sound getting changed to something suitably attention grabbing. So you mean address employee behavior concerns the normal way? Count me in. And when it comes to locking your computer, nobody is perfect despite the few that think they are. You want to do what you can to curb the reckless ones, but if you aren't using automatic locking policies to supplement you aren't doing yourself any favors. I am just not in favor for digging into my employees pockets for minor behavior issues. Sickening fucked around with this message at 16:33 on Aug 1, 2017 |
# ? Aug 1, 2017 16:28 |
|
At any of my previous jobs, if you left your computer unlocked, there was a nonzero chance: - your Facebook status was changed to 'I like to touch little boys' - your Outlook sent an email declaring you'd bring cake for everyone the next working day - your desktop background was reversed, icons hidden etc - something more boring happened, like a stern warning from the head IT At my current job, they've instated a 'clean desk' policy a few months back, so I'm ready to start shennanigans.
|
# ? Aug 1, 2017 16:37 |
|
At my job, if you leave your computer unlocked, people don't loving touch it. it's not your computer. don't loving touch it. If it's regularly unlocked I might send out an email asking them politely to lock it because we're all goddamn adults here you psychopaths
|
# ? Aug 1, 2017 16:39 |
Nothing bad happens here but it'll only take one incident of someone doing something malicious for that policy to change. We really should be firing people who consistently do it.
|
|
# ? Aug 1, 2017 16:41 |
|
Merijn posted:At any of my previous jobs, if you left your computer unlocked, there was a nonzero chance: This is how people actually learn. In the Navy we'd post a coming out letter to the department heads from whoever left their email unlocked.
|
# ? Aug 1, 2017 16:43 |
|
Zero VGS posted:This is how people actually learn. People can and do learn from methods that don't involve embarrassment or harassment. Judge Schnoopy posted:At my job, if you leave your computer unlocked, people don't loving touch it. I also find that using someone else's access to do stuff is not acceptable.
|
# ? Aug 1, 2017 16:46 |
|
Sickening posted:People can and do learn from methods that don't involve embarrassment or harassment. This existence of this thread has determined this is a lie. Sickening posted:I also find that using someone else's access to do stuff is not acceptable. I'll be sure to pass your finding on to some black hats and such. I'm sure they'll take them into consideration.
|
# ? Aug 1, 2017 16:57 |
|
Raerlynn posted:I'll be sure to pass your finding on to some black hats and such. I'm sure they'll take them into consideration. God drat this is a clever post. So loving edgy.
|
# ? Aug 1, 2017 17:01 |
|
Raerlynn posted:I'll be sure to pass your finding on to some black hats and such. I'm sure they'll take them into consideration. holy poo poo you're right the only way to stop black hats is to publicly embarrass and borderline sexually harass employees until their moral is so low and paranoia is so high they can't help but to lock their computer every time they look away from it this is the true answer to IT security
|
# ? Aug 1, 2017 17:07 |
|
Raerlynn posted:I'll be sure to pass your finding on to some black hats and such. I'm sure they'll take them into consideration. Everyone knows the real way to make sure your stuff is secure is to build up such an image of evil and hatred that you alienate all of the people in your company and no one wants to come within ten feet of you or your desk. e: I have admittedly put one of those infinite Windows Update screen sites on a coworker's unlocked computer once, but that was because we're friends and we both thought it was a) harmless and b) funny. Kazinsal fucked around with this message at 17:11 on Aug 1, 2017 |
# ? Aug 1, 2017 17:09 |
|
Oh you didn't want to be stabbed? I'll be sure to tell all of the murderers out there, I'm sure they'll take that into consideration.
|
# ? Aug 1, 2017 17:11 |
|
Zero VGS posted:In the Navy we'd post a coming out letter to the department heads from whoever left their email unlocked. I forgot to lock my PC for 5 minutes on the last day before I got out of the Navy, and a fellow enlisted saw it fit to send a prank 'goodbye' mail to the whole boat. Not my idea of fun, and the reaming the enlisted got when the CO found out who did it probably set a new Navy record.
|
# ? Aug 1, 2017 17:16 |
|
Judge Schnoopy posted:holy poo poo you're right So you don't lock your car and house up every day because it's good security, you do it out of paranoia? And that causes you such severe distress? Oh my God, how the gently caress do you function? There are bad actors all the loving time. The first time someone grabs an unsecured terminal and recreates the Sony breach in your shop, you can be drat sure the person who left their poo poo open will be held accountable for the damage done. If it distresses you so to exercise even the most basic of security functions, to secure the poo poo you are given to do your job, then I have to wonder what else you half-rear end. Kazinsal posted:Everyone knows the real way to make sure your stuff is secure is to build up such an image of evil and hatred that you alienate all of the people in your company and no one wants to come within ten feet of you or your desk. Clearly that's what I'm doing by insisting you lock your poo poo up and not leave multiple root terminals and domain admin sessions open. Raerlynn fucked around with this message at 17:25 on Aug 1, 2017 |
# ? Aug 1, 2017 17:22 |
|
"My black hat friends" What's a dumb thing to even put out there. Let me tell you about the scumbags I am proud to know...
|
# ? Aug 1, 2017 17:22 |
|
We don't do anything overly embarrassing at work, but backgrounds have been known to be changed to various My Little Pony themes and the like. Only within IT, because we should know better. C levels won't let us institute a timed lockout policy company wide because it's so haaaaaaaaaarrrrrdddd to type your password.
|
# ? Aug 1, 2017 17:23 |
|
DigitalMocking posted:We don't do anything overly embarrassing at work, but backgrounds have been known to be changed to various My Little Pony themes and the like. We actually have a 15 or 30 minute lock out, but people still manage to forget their password all the time, despite them typing it 3-4 times a day, 5 days a week.
|
# ? Aug 1, 2017 17:26 |
|
|
# ? Jun 7, 2024 12:45 |
|
Raerlynn posted:So you don't lock your car and house up every day because it's good security, you do it out of paranoia? And that causes you such severe distress? Oh my God, how the gently caress do you function? Hey good post and all but you're still being terribly obtuse. I lock my car. I don't check my neighbor to make sure he locked his car, and if I find it unlocked, I wouldn't fill it with shaving cream because he's not being safe. I might knock on his door if I found his garage door was open all night, just to be polite. And similarly, if my neighbor decided to spraypaint my garage because I left it open overnight instead of nicely reminding me about bad guys in the neighborhood, I most certainly would report him to the proper authorities. Vandalizing your coworkers because they don't follow security practices is not ok you fuckwit, try being an adult
|
# ? Aug 1, 2017 17:27 |