One chestnut from my history in lottery game development:

While our security staff was incredibly tight and did a generally good job, oftentimes levels of paranoia were off the charts.

Once they went around hot gluing shut all of the “unnecessary” USB ports in our PCs under the premise of mitigating data theft via thumb drive, while ignoring that we were all Internet-connected and VPNs are a thing, also that every machine had a RW optical drive.

  • @jj4211
    link
    361 year ago

    We have a largeish number of systems that IT declared catheorically could not connect directly to the Internet for any reason.

    So guess what systems weren’t getting updates. Also guess what systems got overwhelmed by ransomware that hit what would have been a patched vulnerability, that came through someone’s laptop that was allowed to connect to the Internet.

    My department was fine, because we broke the rules to get updates.

    So did network team admit the flaw in their strategy? No, they declared a USB key must have been the culprit and they literally went into every room and confiscated all USB keys and threw them away, with quarterly audits to make sure no USB keys appear. The systems are still not being updated and laptops with Internet connection are still indirectly bridging them.

    • irotsoma
      link
      English
      191 year ago

      Wait, why don’t they use patch management software? If they allow computers with Internet access to connect to them, why not a patch management server?

      • @jj4211
        link
        141 year ago

        They do. In fact they mandate IT assets to have three competing patch management software on them. They mandate disabling any auto updates because they have to vet them first. My official laptop hasn’t been pushed an update in 8 months.

        • @PutangInaMo
          link
          141 year ago

          Do y’all need a consultant? That is so bad it’s a non starter.

          • @jj4211
            link
            101 year ago

            Ironically, we actually have a Segment of our business that provides IT for other companies, and they do a decent job, but they aren’t allowed to manage our own IT. Best guess is that they are too expensive to waste on our own IT needs. If an IT staffember accidentally shows competence, they are probably moved to the billable group.

    • @jj4211
      link
      21 year ago

      Also, I keep a “rogue” laptop to self administrate along with my official it laptop to show I am in compliance. Updates are disabled and are only allowed to be fine y by IT. I just checked and they haven’t pushed any updates for about 8 months.

    • @KrudlerOP
      link
      English
      11 year ago

      deleted by creator