Maelstrm
Jun 21, 2004
Triskaidekaphobic

Lil Bukowski posted:

No, I don't know where the remote is! Did you look in the conference room / under the couch / break room / kitchen?

I answer the same questions at home and work.

You have a conference room at home? Is that used for contacting your mother in law or something?


Maelstrm
Jun 21, 2004
Triskaidekaphobic

Lil Bukowski posted:

Someone at a remote site conned our receptionist into giving out my cell number. It spread like wildfire from community to community. Now Bananna Phone rings out in the middle of the night because some bookkeeper is pissed that we're enforcing the go-home-to-your-kids access rules that our company president told us to enforce.

And this is why you only ever give out your desk phone number. You forward your desk number to your mobile if it is not answered.

Someone asks for your mobile number? "My desk phone number is blah and it forwards to my mobile".

You go on leave and don't want to take any calls? Turn off the divert or divert it to your servicedesk / manager / co-worker / receptionist.

If you have a fancy VoIP desk phone then you may be able to schedule what hours call forwarding is valid for or filter phone numbers etc.

Maelstrm
Jun 21, 2004
Triskaidekaphobic
What is going on with our Helpdesk staff?!

Helpdesk ticket posted:

Subject: Profiel Cprrupted
Description: Users he moved computers and when he has logged onto teh new computer, his profiel has not followed across.

Maelstrm
Jun 21, 2004
Triskaidekaphobic

CrazyDutchie posted:

Actual answer:

tl;dr: I love being the network nazi.

What argument do you give against VPN over wireless?

You're obviously allowing VPN access as you're discussing revoking VPN access and I'm going to assume that you're using security tokens (RSA or otherwise). If so, it's going to be basically impossible for anyone to discover anything, even if you're connecting via a public completely unsecured wireless network.

If you're allowing VPN access then you're allowing some kind of remote access, and if you're that paranoid about access via wireless networks then you're going to have to consider things like connections from hotel networks (who knows what is in the middle) and access from non-wireless home networks (again, anything could be connected to an unknown network and packets can be sniffed regardless of whether it is wireless or not).

Yes an unencrypted connection over wireless would be dangerous - ie popping a mailbox, connecting to a FTP (not SFTP) server etc - but encryption and security tokens mitigate this risk to an acceptable level from my point of view.

Finally, your greatest security risk is likely to be coming from your users doing silly things like backing up documents to a USB drive and then losing that drive (yes I know you can lock it down, it's an example) or just abusing their security privileges. Overly draconian policies waste people's time, lower morale, affect productivity and ultimately affect the business bottom line.

Maelstrm
Jun 21, 2004
Triskaidekaphobic

CrzyDTpBoy posted:

puts Windows boxes on random networks that may or may not be using WPA2. Those three things alone are enough for a targeted attack.

So ensure that all machines run a software firewall that requires admin rights to disable, provide policies that block all inbound connections except those from the IP ranges that the company uses internally and the VPN endpoint, and ensure your machines have all up-to-date security updates as part of your patching schedule.

CrzyDTpBoy posted:

exposes the endpoint of the VPN concentrator

Exposes as in reveals its address? It should be assumed that the address is known when designing security measures - otherwise you are relying on security by obscurity.

CrzyDTpBoy posted:

split-configuration configs

Are you referring to having multiple machines that communicate with each other both being company owned and both being at the remote site communicating over the insecure wireless network? If so, then as I mentioned before, firewall rules would stop them from being able to communicate except over the VPN, eliminating any major issues.

CrzyDTpBoy posted:

Come on now, the risk on a wired network is minuscule compared to wireless. There's a chance someone will torture me for my passwords, but that doesn't mean I might as well change them all to password1.

The torture is a fair point (:)) but generally you're far more likely to have people write down and leave their password around the place (without changing it) or copying data to external media and losing it.

CrzyDTpBoy posted:

I'm not saying it's a completely necessary policy, but there are a whole lot of potential vectors cut off by disallowing wifi.

Fair enough, I just think that it is unnecessarily restrictive when good policy should prevent most of those factors being a risk in the first place. You're effectively limiting the locations in which your staff can work remotely, which may mean you miss out on some productivity benefits.


Out of curiosity, what is your view on VPN over mobile data networks (i.e. 3G) etc? It isn't shared with other users directly like an unsecured wireless connection, but there's still the possibility that someone may try to tap the connection. I still think that my hotel wired data connection scenario is valid as well.
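The host-firewall policy Maelstrm describes (default-deny inbound, allow only the company's internal ranges and the VPN endpoint) is easy to get subtly wrong on a roaming laptop, because hotel and home Wi-Fi hand out the same RFC 1918 addresses the office uses. The block below is an added example, not code from the thread or from any product named in it: it models the policy in Python, keys trust in the internal ranges to the VPN tunnel interface rather than to the source address alone, and renders the same policy as iptables rules. The ranges, the concentrator address (RFC 5737 TEST-NET), the interface names and the sample connections are all constructed assumptions.

```python
"""Host-firewall policy model for a roaming laptop (added example).

Default-deny inbound; accept only traffic from the VPN concentrator and from
the company's internal ranges, and accept the latter only when it arrives
through the VPN tunnel interface. Every address below is a placeholder.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    internal: tuple            # company ranges, trusted only via the tunnel
    vpn_endpoints: tuple       # concentrator address(es), trusted on any interface
    tunnel_iface: str = "tun0" # interface the VPN client creates (assumed name)


# Constructed example policy: RFC 1918 ranges and a TEST-NET concentrator address.
POLICY = Policy(
    internal=tuple(ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")),
    vpn_endpoints=tuple(ipaddress.ip_address(a) for a in ("203.0.113.10",)),
)


def inbound_allowed(policy: Policy, src: str, iface: str) -> bool:
    """Decide whether an unsolicited inbound connection is accepted.

    `src` is the source address, `iface` the interface it arrived on.
    Replies to connections the laptop opened itself are not modelled here;
    they are covered by connection tracking in the rendered rules.
    """
    ip = ipaddress.ip_address(src)
    if ip in policy.vpn_endpoints:
        return True  # the concentrator is reachable on the physical interface
    if iface == policy.tunnel_iface and any(ip in net for net in policy.internal):
        return True  # internal ranges count only when they come through the tunnel
    # Everything else is dropped, including a hotel-Wi-Fi neighbour whose
    # 192.168.x.x address happens to fall inside an internal range.
    return False


def as_iptables(policy: Policy) -> list:
    """Render the same policy as iptables INPUT rules for a Linux host.

    The thread's Windows machines would carry the equivalent rules in the
    Windows firewall; the logic (interface plus source) is what matters.
    """
    rules = [
        "-P INPUT DROP",
        "-A INPUT -i lo -j ACCEPT",
        "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
    ]
    for ep in policy.vpn_endpoints:
        rules.append(f"-A INPUT -s {ep} -j ACCEPT")
    for net in policy.internal:
        rules.append(f"-A INPUT -i {policy.tunnel_iface} -s {net} -j ACCEPT")
    return rules


# Constructed sample of inbound connection attempts seen from a hotel room.
SAMPLE_CONNECTIONS = [
    ("10.20.30.40", "tun0"),    # internal file server, arriving over the tunnel
    ("192.168.1.77", "wlan0"),  # another hotel guest on the same Wi-Fi
    ("203.0.113.10", "wlan0"),  # the VPN concentrator
    ("198.51.100.5", "wlan0"),  # arbitrary internet host
]


def evaluate(policy: Policy = POLICY, conns=SAMPLE_CONNECTIONS) -> dict:
    """Map each sample connection to the policy decision."""
    return {f"{src}@{iface}": inbound_allowed(policy, src, iface) for src, iface in conns}


if __name__ == "__main__":
    for conn, allowed in evaluate().items():
        print(f"{conn:24} {'ACCEPT' if allowed else 'DROP'}")
    print()
    print("\n".join(as_iptables(POLICY)))
```

The interface check is the part worth copying: a rule that trusts 192.168.0.0/16 by source address alone accepts the hotel guest at 192.168.1.77, whereas binding the internal ranges to the tunnel interface rejects that peer while still accepting the file server that arrives through the VPN.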

Maelstrm
Jun 21, 2004
Triskaidekaphobic

Casao posted:

You're hilarious if you don't know that forcing them to use wired internet means plugging into their wireless router with a cable.

Yes because you always have physical access to the wireless router. Especially in hotels or out at client sites.

Edit: The point is that you should be able to provide secure access regardless of the intermediate network, because you should always assume that any aspect of the connection that is not directly controlled by the company is suspect (if you have security concerns with internal aspects of the network then that is a different issue altogether).

Maelstrm fucked around with this message at 03:10 on Apr 24, 2009

Maelstrm
Jun 21, 2004
Triskaidekaphobic
Just thought I'd add this ticket to the pile (from someone interstate that I've never met before):

Development Lead posted:

I need Visio installed on my laptop. So...can I? can I? Huh? Go on. Go on. You know you want to.

Helps lift the day a little.

I can imagine what a nightmare it would be if all requests were like this though.


Maelstrm
Jun 21, 2004
Triskaidekaphobic

Doc Faustus posted:

but at least I did something useful with it all.

Be aware that people have been fired, sued and generally put through the wringer for installing distributed computing software on corporate or educational computers without high level managerial approval.

It might seem completely benign, but from a practical point of view it will increase power usage, increase heat output, increase network usage and increase the possibility of hardware and software faults. If they wanted to get super bitchy they could say you are having their machines run unknown code that is managed from an external system and they could claim it is the same as adding the machines to a botnet.

Not to mention you have a webserver with dynamic script on it which will not be maintained and could quite possibly be hit with an exploit in the future which may expose their network to hacking attempts.

Finally, your login details are probably all over the installation and also the F@H account.


In summary, sorry to be the grinch but either get approval ASAP from management or clear it off as soon as you can and hope nobody ever finds out about it.