this post was submitted on 23 Oct 2023
406 points (97.7% liked)

Ask Lemmy

26682 readers
3202 users here now

A Fediverse community for open-ended, thought provoking questions

Please don't post about US Politics.

Rules: (interactive)

1) Be nice and; have funDoxxing, trolling, sealioning, racism, and toxicity are not welcomed in AskLemmy. Remember what your mother said: if you can't say something nice, don't say anything at all. In addition, the site-wide Lemmy.world terms of service also apply here. Please familiarize yourself with them

2) All posts must end with a '?'This is sort of like Jeopardy. Please phrase all post titles in the form of a proper question ending with ?

3) No spamPlease do not flood the community with nonsense. Actual suspected spammers will be banned on site. No astroturfing.

4) NSFW is okay, within reasonJust remember to tag posts with either a content warning or a [NSFW] tag. Overtly sexual posts are not allowed, please direct them to either !asklemmyafterdark@lemmy.world or !asklemmynsfw@lemmynsfw.com. NSFW comments should be restricted to posts tagged [NSFW].

5) This is not a support community.
It is not a place for 'how do I?', type questions. If you have any questions regarding the site itself or would like to report a community, please direct them to Lemmy.world Support or email info@lemmy.world. For other questions check our partnered communities list, or use the search function.

Reminder: The terms of service apply here too.

Partnered Communities:

Tech Support

No Stupid Questions

You Should Know

Reddit

Jokes

Ask Ouija

Logo design credit goes to: tubbadu

founded 1 year ago
MODERATORS
Bluetreefrog@lemmy.world
candyman337@lemmy.world
TheSaneWriter@lemm.ee
TheSaneWriter@lemmy.thesanewriter.com
candyman337@sh.itjust.works
Asudox@lemmy.world
can@lemmy.ca
lemmy_bot@lemmy.world
beefbaby182@lemmy.world
AsudoxDev@programming.dev
406
Tech workers - what did your IT Security team do that made your life hell and had no practical benefit? (lemmy.world)
submitted 1 year ago by Krudler@lemmy.world to c/asklemmy@lemmy.world
254 comments fedilink hide all child comments
 

One chestnut from my history in lottery game development:

While our security staff was incredibly tight and did a generally good job, oftentimes levels of paranoia were off the charts.

Once they went around hot gluing shut all of the "unnecessary" USB ports in our PCs under the premise of mitigating data theft via thumb drive, while ignoring that we were all Internet-connected and VPNs are a thing, also that every machine had a RW optical drive.

you are viewing a single comment's thread
view the rest of the comments
[โ€“] al177@lemmy.sdf.org 37 points 1 year ago (1 children)

Oh man. Huge company I used to work for had:

  • two separate Okta instances. It was a coin toss as to which one you'd need for any given service

  • oh, and a third internally developed federated login service for other stuff

  • 90 day expiry for all of the above passwords

  • two different corporate IM systems, again coin toss depending on what team you're working with

  • nannyware everywhere. Open Performance Monitor and watch network activity spike anytime you move your mouse or hit a key

  • an internally developed secure document system used by an international division that we were instructed to never ever use. We were told by IT that it "does something to the PC at a hardware level if you install the reader and open a document" which would cause a PC to be banned from the network until we get it replaced. Sounds hyperbolic, but plausible given the rest of the mess.

  • required a mobile authenticator app for some of the above services, yet the company expected that us grunts use our personal devices for this purpose.

  • all of the above and more, yet we were encouraged to use any cloud hosted password manager of our choosing.

[โ€“] Hogger85b@kbin.social 20 points 1 year ago* (last edited 1 year ago)

I'll.go one further with authenticator. Mobile phones were banned in the data center and other certain locations (financial services). Had to set up landline phone....but to do that needed to request it...approve it on my phone then enter data center security door run and answer the phone line with 60s like something in the matrix.