Is this bad practice?

BowlJar Member Posts: 24
I have a situation at work that is bothering me and was curious if it should. In my department right now there is a giant white board, with IP addresses to everything in our infrastructure. The thing that bothers me is that it is sitting in what is essentially a hallway where everyone can see it.

It isn't just employees who can see it, also any guests on site could as well.

Is this a bad practice?

Comments

  • Verities Member Posts: 1,162
    I'm surprised that you're asking this kind of question having Security+ under your belt. This is a pretty basic example of bad security practices.
  • BowlJar Member Posts: 24
    The fact that it seems like such a basic security issue is why it bothers me. But I was wondering if there is a standpoint where this procedure is acceptable, or commonplace. My network admin, who has past experience in security procedures on a corporate scale, is who put it up. I have the least amount of real-world experience on my team, so I don't know what is common procedure.

    Theory over practice kind of deal.
  • Edificer Member Posts: 187
    We on a regular basis receive guests and showcase our server rooms and Emergency Command Posts, but we make 110% sure the curtains are pulled over the whiteboards first.
    “Our greatest glory is not in never falling, but in rising every time we fall.” Confucius
  • Verities Member Posts: 1,162
    Have you voiced your concerns to him/her about it? The only place I could see this not being an issue is if you're in a secure office/room or if you're in a NOC that limits access to anyone outside of support.
  • MTciscoguy Member Posts: 552
    When I was working in DC, if something like that had been made visible to anyone other than those with the proper clearance as well as a reason to see them, such as security personnel that worked on it, you would have been taken into custody and charged with a crime. Company infrastructure maps should be in a place that the only people who see them are those that need to know them. In this day and age of high quality pocket cameras it is way too easy for somebody with nefarious intentions to do a massive amount of damage.
    Current Lab: 4 C2950 WS, 1 C2950G EI, 3 1841, 2 2503, Various Modules, Parts and Pieces. Dell Power Edge 1850, Dell Power Edge 1950.
  • hurricane1091 Member Posts: 919
    We don't always follow best practice. I've mentioned it and was basically told "deal with it kid" so take that FWIW.
  • BowlJar Member Posts: 24
    Which in a roundabout way is what I was told when I brought it up today.
  • nster Member Posts: 231
    It's a pretty bad security risk IMO. You could go over your boss' head to voice your concerns.

    EDIT: would def piss him off if action was taken though
  • MTciscoguy Member Posts: 552
    BowlJar, you have to understand the hierarchy in the IT business is pretty amazing, the prevailing thought process is, you are lower than me, you can't understand why we are willing to breach the company's security! LOL

    Don't push it so far you get in trouble, but I would continue to drop subtle hints anytime I could.
  • rsutton Member Posts: 1,029
    I don't see the problem with listing your IP addresses. Maybe I'm missing something - what is the risk here?
  • Christian. Member Posts: 88
    rsutton wrote: »
    I don't see the problem with listing your IP addresses. Maybe I'm missing something - what is the risk here?

    It's not a really huge issue, but you are basically showing hints on your topology.
    CISSP | CCSM | CCSE | CCSA | CCNA Sec | CCNA | CCENT | Security+ | Linux+ | Project+ | A+ | LPIC1
  • MTciscoguy Member Posts: 552
    rsutton wrote: »
    I don't see the problem with listing your IP addresses. Maybe I'm missing something - what is the risk here?

    With a little bit of basic information you can create some real havoc for a company.