wow - our secrutiy guy IS on the ball

jibbajabba

Had a DC trip for a blade enclosure ILO failure. Went to the DC, connected screen / keyboard and made a picture of the post error message to be send to HP.

Once arrived in the office I got called into the management office. Snr Manager / Security questioning me why I was there, what have I done and what picture have I taken.

I had to hand-over my phone so they can confirm what the picture is. Security guy then deleted the picture referring to our internal policies which I had to sign again.

First I was surprised that they monitored my movement on the camera, but also that he saw I made a picture etc.

I must say that I am impressed how diligent he followed his processes .. BUT .. Blade Management is still down as we aren't allowed to take pictures until the processes have been changed and these exceptions have been implemented.

One thing I hate with corporates - politics ... which always seem to be black / white ... Whilst I understand the security measures, especially given our company's business nature, but why I cannot take a picture in the presence of security to get an HP technican is beyond me ..

knownhero

I used to work in a DC and had to do the same thing. We would ask that anyone entering the suite to put their mobile phone in the safe so they couldn't call anyone. The best part was telling the engineer that he couldn't take his laptop in as it had a camera on it

Essendon

That's some crazy stuff, bordering on paranoia. A trusted employee taking photos of a freaking screen for troubleshooting ONLY! Perhaps he should revoke everyone's access to any server/router/switch/water tank too!

It wasnt as if you were taking pictures of the site in camouflage gear with a crossbow and a quiver full of poison-tipped arrows.

Expect

that's nothing.
In my last job my manager installed on our computers without us noticing a mcaffee tool (not sure which one of their products has this plugin) but it basically keylogged everything from our computers, he knew if we opened cmd, and to which destination we executed a ping command, I believe this is illegal in someway, but he had it removed after the IT director heard this.

Essendon

@Expect, didnt the Manager get fired? My company would SURELY have security escort them out if someone did that kind of thing.

DevilWAH

Think of it like this though, where do most malicious attacks come from? Inside or outside the network?

I hate security from a personal point of view as I personal take care of the networks I work on. But if you consider that in a large organisation that a security breach or service down time can cost millions of pounds a minute. Having very strict controls in place is a good thing.

And while it might seem silly to stop some one taking a picture, you can't break the rules just because its the easy hing to do. If the rule needs to be broke then the policy is wrong so you correct the policy then carry out the work. Unless of course there is a real emergency and you get it signed of by management.

But part of a security policy should be the process to be followed should some one need to bypass it and who need to be informed and who needs to approve it. Generally you would have multiple people from both security and management so there is a complete record of what was done and why.

AS for the Key loggers, while I would not accept my PC being "bugged", in the corporate world it is standard for all servers and devices to log the user that connects and track every command they carry out. If any thing goes wrong or a change is made out side of a change window then its tracked back to who,what and when. Mind you, you where informed of this.

jibbajabba

DevilWAH wrote: »

Having very strict controls in place is a good thing.

Agreed, I was impressed to begin with.

DevilWAH wrote: »

But part of a security policy should be the process to be followed should some one need to bypass it and who need to be informed and who needs to approve it.

Agree, especially if the policies could be business-impacting.

DevilWAH wrote: »

I would not accept my PC being "bugged", in the corporate world it is standard for all servers and devices to log the user that connects and track every command they carry out.

To be honest, as soon as I sit down at my PC at work I would expect them to log everything I touch .. I usually even expect them to screencapture everything I do ..

netstat

In my opinion, this boils down to company policies. If the policy says you cannot take any pictures, than such behaviour is not acceptable. However, this does not mean that something of the sort should hinder your work. In this case, i would raise the issue with your line Manager explaining the issue and possibly discussing what could be done about it.

For example, i would recommend that photos can only be taken using company approved devices by authorised personnel only (in this case you or your team as you have access to the room and the contents).

The device (camera) can be locked up in the server room under key and can also be encrypted just in case it is stolen/lost.

This solves the problem of data leakage on unauthorised devices while allowing you to take a picture and not hindering production.

This obviously increased administrative security due to the key management logging etc, but "Security" and "Convenience" can never fully coexist, hence somewhere a line has to be drawn.

jibbajabba

netstat wrote: »

I would raise the issue with your line Manager explaining the issue and possibly discussing what could be done about it.

As in my initial post - he was the guy giving me the bollocking, same guy who sent me to the DC .. Looks like he got the bollocking sent down and he just needed someone to take the fall for it ...

But that is the annoying thing now - that even the security department is not willing to find an emergency exception in order to fix this blade... HP is now sending an engineer regardless, but still, the whole thing is somewhat annoying

tpatt100

We had to leave mobile phones at our desks or at our cars, no mobile phones were allowed in the labs or server rooms.

QHalo

Security so tight you can't accomplish anything. Sounds amazing. Strict controls are one thing but if it prevents you from fixing an issue then the policy needs reviewed.

Zartanasaurus

QHalo wrote: »

Security so tight you can't accomplish anything. Sounds amazing. Strict controls are one thing but if it prevents you from fixing an issue then the policy needs reviewed.

Dilbert comic strip for 04/04/2008 from the official Dilbert comic strips archive.