Re: I have been asked to leave the company for having spotted serious security breaches

From: Leythos (void_at_nowhere.lan)
Date: 02/03/05


Date: Thu, 03 Feb 2005 00:34:59 GMT

On Wed, 02 Feb 2005 18:39:00 -0500, Curious George wrote:

> All right guys. . .
>
> All of you have made your point. This is the Original Poster and I am not a
> troll unless you catch me on a Friday night after a few drinks.

Good, I was hoping you were not a troll; this happened in a group once
before.

> The advice given here is solid, good and very much appreciated.
>
> Actually, I have not been asked to leave. . . it's a subtle hint, but I
> think that's where they are going. After all, it would look really, really
> sleazy to the board of directors if their chief IT guy was escorted out or
> asked to leave or something else because he brought up a major, major, major
> security issue which, I must add, they have NOT addressed yet!

So, have you put together a plan on correcting the problem? Instead of
just alerting them to the situation and making it seem like it's been
blown out the window, if you were to present a sound plan to secure the
network with time-line estimates and resources they might accept it and
turn around their issue with you.

> The memos are not flying, indeed, the issue is so silent you could hear a
> mouse fart. I think I have made peace with my boss, rather, tolerating it.
> Nevertheless, considering the nature of the information that is at stake
> (e.g. children's records, to name but a few), I think that I am doing the
> right thing.

We did a job for a state's department of health. When I was asked about
Web security and portals I mentioned that they had public IPs on their
internal network and that I could access any machine with a public IP from
anywhere in the country... As it turned out they didn't understand the
firewall and had done an ANY rule inbound to the entire developers'
segment of the network... They figured that since they ran Windows with
Novell as the network that there were no problems :)

I asked the department's supervisor if I could present a plan for securing
the network while still permitting developers to work without problem and
also a solution for remote access where needed. It took about 3 days to
document everything, but they bought the solution from us. It was
interesting to see the look of shock from the various department heads on
how open their network was and how easy it was to gain access to personal
information.

The funny part was that after it was secured another company came in and
sold them on the idea that if they had been using a PIX it would
never have been a problem, and they bought it without asking about the
proposal from that company - spending all that money to replace something
they didn't understand with something they still didn't understand and that was
harder to maintain :)

> On the other hand, this type of stuff is not something that schools like to
> get out.
>
> On a brighter note, I posted this and then called a buddy of mine who has
> been in the IT field about as long as I have. A phone call later and I was
> on the horn with a real headhunter - no, not the sleazy employment agency
> troll type, but a bona fide headhunter.

You should still present them with a plan on resolving the issue, it may
come back as a good reference and also could get you promoted if your plan
actually fixes the problems - sometimes people react from fear/shock, but
when you put the facts and solution on paper they get a little time to
settle down and realize the implications.

> In any event, I think that what is going to happen is that they are going to
> try to make things work out and then, oh well, then the ball is in my court.
>
> I think that this underscores that it's time to move on to greener pastures.
> Hey, because of this I have started toying with security utilities I had not
> touched in about two years. Darn, this stuff has gotten really, really
> sophisticated and. . . well, I have become rather paranoid about things. So
> guess what the first thing I did this AM was??? Yep, my password is now so
> long and has so many characters in it that. . .

You do understand that your password length means nothing if anyone else
has admin rights?

> The short of it is that it's really sad that these are the sort of people who
> we entrust to oversee the administration of schools and handle our most
> precious resource, our children. I think it's not so much the teachers,
> although there are plenty of bad ones I assure you, it's the administration
> of these schools that is at issue. The really good teachers, the
> progressive ones who want to really make a difference and truly engage these
> young minds with challenges are being squashed.
>
> Enough rambles, I am boring the crap out of everyone.
>
> Thank you so very, very much to all of you for having contributed to this
> thread. My apologies to those of you whom I have pissed because of my
> excessive cross posting and I hope that if we ever have the opportunity to
> work together I can return the favor.

Never pissed me off, I just wasn't sure if you were real or not.

-- 
spam999free@rrohio.com
remove 999 in order to email me
