Security in the Aftermath

  • Comments posted to this topic are about the item Security in the Aftermath

  • I liked this article:

    https://www.wired.com/story/capitol-riot-security-congress-trump-mob-clean-up/

    Mail clients were left open according to this:

    https://www.independent.co.uk/life-style/gadgets-and-tech/capitol-building-riots-cybersecurity-b1783794.html

     

     

  • My current employer, a state health agency, requires all its employees to lock their computer when they leave their office space. The other past two employers that I worked for required the same of their employees. Locking my PC is second nature. I was taking an ethical hacking course at another state agency when the fire alarm sounded. I locked my classroom laptop before leaving. When we returned to the classroom, the instructor said that the fire alarm was not a test. They swept the floors looking for employees that did not lock their PC.

    At one of those former employers, a coworker left his PC unlocked and what another coworker did was install the BSOD screensaver. That was entertaining when Steve came back and saw his computer doing a memory dump, rebooting, then crashing again. He was on the phone with the support desk when the guy that installed the screensaver wandered by and said "Screensaver" and hit the escape key.

  • One challenge I find is trying to get into the mindset of a person who does not observe rules, protocols and behaviours.

    It cuts both ways.  Someone who doesn't observe rules, protocols and behaviours probably struggles to understand why people get upset by violations.  In some situations it is only when someone challenges a rule or established process that we actually think about the rule, its applicability etc.

    It would never occur to me to hack a doorbell or imagine the theft possibilities of doing so, but people have done precisely that.

    There's the difference between the spirit of the law and the letter of the law.  We sign up to the spirit but the application and enforcement are on the letter.  Bringing the letter into alignment with the spirit has kept the legal profession and politicians occupied before King Solomon was born.  There are always edge cases.

  • Many places now have a group policy that when a PC goes inactive for 5 minutes it will automatically lock.

  • "I used to hate taking out the trash from a computer room I worked in, but I now appreciate that allowing cleaning staff into that space might not have been a good idea in a nuclear power plant."

    Steve, your comment here brings to mind one subtle threat to security and privacy that I have been aware of for decades. My wife and I have shared a home office for over 40 years while she ran a business and I did off-hours support as a DBA. As we work with our data and that of others, even with multiple monitors on several systems, there is always some paper lying around that contains unsecured data. The tendency is to just toss the paper into the waste basket and send it out with the trash.

    Even things like paper billings often give away two of the three security items since they contain account numbers and often email addresses that are used for logins to private accounts, leaving only the password unknown.

    Another one that comes to mind is my constant use of sticky notes to jot down things I need to remember for a few minutes.   Looking in front of me, I see a sticky note that contains the account numbers for four accounts.

    We have always kept a paper shredder in our office and use it faithfully.  It is close at hand and prevents our personal information from going into the public.

     

    Rick

    The only thing worse than being an influencer
    is believing one.

  • I ought to get a shredder. We don't put trash out (a truck collects our dumpster), but I suppose that's still a potential issue.

    Group Policy is good, but timing is everything, especially if someone is walking by. I built the habit years ago to lock things, and while I don't do it at home, I still am good about locking my machine in a conference center if I walk 20ft to get coffee, or in the Redgate office, if I fill up at the water cooler. I'm not privileged in many things, but I am in some.

  • Yes, at work we were TOLD many times to lock your PC when you leave your office. The group policy is the catch-all. Granted, it won't stop all eyes and hands on a keyboard maliciously. However, it does help for the ones that leave at the end of the day and forget to log off or shut down.

  • Steve Jones - SSC Editor wrote:

    I ought to get a shredder. We don't put trash out (a truck collects our dumpster), but I suppose that's still a potential issue.

    Group Policy is good, but timing is everything, especially if someone is walking by. I built the habit years ago to lock things, and while I don't do it at home, I still am good about locking my machine in a conference center if I walk 20ft to get coffee, or in the Redgate office, if I fill up at the water cooler. I'm not privileged in many things, but I am in some.

    I don't lock my PC at home either; it's just my wife and me. In the office, locking my computer is something that I've done since 1997.

  • A boss I had was famous for walking through the area and if he saw an unlocked machine, he'd hit <ctrl><alt>arrow to rotate the developer's screen and then lock it. Eventually, everyone got to the point of locking their PC when they got up.
