One chestnut from my history in lottery game development:

While our security staff was incredibly tight and did a generally good job, oftentimes levels of paranoia were off the charts.

Once they went around hot gluing shut all of the “unnecessary” USB ports in our PCs under the premise of mitigating data theft via thumb drive, while ignoring that we were all Internet-connected and VPNs are a thing, also that every machine had a RW optical drive.

  • Hogger85b
    link
    fedilink
    891 year ago

    Set the automatic timeout for admin accounts to 15 minutes…meaning that process that may take an hour or so you have to wiggle the mouse or it logs out …not locks… logs out

    From installs to copying log files, to moving data to reassigning owner of data to the service account.

    • @chiliedogg
      link
      531 year ago

      And that’s why people use mouse jigglers and keep their computers unlocked 24/7.

      • @fat_stig
        link
        English
        91 year ago

        Mine was removed by Corporate IT, along with a bunch of other open source stuff that made my life bearable.

        Also I spent 5 months with our cyber security guys to try and provide a simple file replication server for my team working in a remote office with shit internet connectivity. I gave up, the spooks put up a solid defense, push all the onerous IT security compliance checking onto my desk instead of taking control.

        Not as bad as my previous company though, outsourced IT support to ATOS was a nightmare.

        • @Aceticon
          link
          9
          edit-2
          1 year ago

          It’s reasonably easy to make a hardware mouse wiggler with an Arduino Micro (and I don’t mean something that physically moves a mouse, rather something that looks like a USB mouse to the computer and periodically sends mouse movement messages).

          If you’re desperate enough, look it up as it’s quite simple so there should be step by step instructions out there.

            • @Aceticon
              link
              2
              edit-2
              1 year ago

              Yeah, it’s surprisingly simple to get these microcontrollers to become essentially programmable keyboard/mouse emulators, by which point if you’re familiar with the stuff to program them (Arduino being the simplest and most widespread framework) it really just becomes a coding task and you can get it to do crazy stuff.

              I suggested an Arduino Micro board because it bypasses the whole hardware side of the problem, but something like what you mention is even simpler.

            • @[email protected]
              link
              fedilink
              English
              11 year ago

              I used a Sidewinder keyboard for years with programmable macros.

              Yeah, I had my password as a macro.

              Dick move on my part as the macro, I’m fairly sure, is stored in plaintext on the PC. But the convenience was great. I don’t do that any more.

            • @Aceticon
              link
              31 year ago

              Well, my off the cuff suggestion was what seems simple to me in this domain ;)

              That said I get what you mean and agree.

        • @FooBarrington
          link
          51 year ago

          That’s why you buy a jiggler that you place your mouse onto. Not detectable by IT :)

            • @KrudlerOP
              link
              English
              61 year ago

              Ahhh the old “level up an RPG Skill by jamming a pen cap into a key and going to watch Night Court reruns” method.

              Thanks, I actually didn’t know holding CTRL would keep the system awake!

            • @FooBarrington
              link
              51 year ago

              Does that keep your status in Teams as “online”? That’s what I use the jiggler for - if I’m waiting for CI tests which take 30+ minutes and I sit in front of the laptop, I don’t want to have to manually jiggle my mouse every couple of minutes just to keep my status.

              • @[email protected]
                link
                fedilink
                3
                edit-2
                1 year ago

                Idk about every application but it keeps windows from timing out which serves most purposes for me.

          • @fat_stig
            link
            English
            51 year ago

            After mine was disabled, I found that if I run videos of old meetings or training onscreen, it keeps the system alive…

            Works nicely when I’m WFH.

    • netburnr
      link
      English
      151 year ago

      There is no compliance item I am aware of that has that requirement, some CISO needs to learn to read.

      • @Hobo
        link
        111 year ago

        Misunderstood STIG from the sound of it. The STIG is only applicable to unprivileged users but tends to get applied to all workstations regardless of user privileges. Also I think the .mil STIG GPOs apply it to all workstations regardless of privileges.

        The other thing that tends to get overlooked is that AC-12 let’s you set it to whatever the heck you want. Ao you could theoretically set it to 99999 year by policy if you wanted.

        https://www.stigviewer.com/stig/application_security_and_development/2017-01-09/finding/V-69243