On 2017-03-31 13:44, David Sommerseth wrote:
> On 31/03/17 13:40, James M. Pulver wrote:
>> Shouldn't we all take a step back here and ask why your IT support isn't
>> providing the resources you need to run the experiment?
>
> This is absolutely important to consider for the person going to do such
> a project.  But that shouldn't stop us on this ML to try to provide some
> solutions which can work.
>
> If this person doesn't use these solutions, others in completely
> different needs may use this information for their challenges.
>
> Mailing lists are a good place to "think aloud" and get input and ideas,
> to share knowledge and learn new things.
>
> I for one will not stop sharing my knowledge when I feel I have
> something valuable to share.  Whether people use or find my input
> valuable and useful or not is secondary to the sharing itself.  Because
> we all grow when we share.

If the fellow cannot figure out how to add the second card and make it work (he 
had to ask here, after all) then he is utterly in over his head for security. I 
read the SANS Diary following their discussions as an utter amateur. It gives me 
an idea of what is going around so I can work to avoid it. This question is one 
of the chief IT nightmare scenarios. It opens a side door into a secure network. 
Side doors are generally very easy to penetrate. Once that happens the entire 
network and all the site's data storage are up for grabs or are at least one 
layer of the onion closer to being penetrated. I know that if I was "in charge" 
anybody who did this would be fired upon it's discovery, not "let go" or "laid 
off" but really "fired for cause". Security compromises can eat his salary up 
each minute for hours on end in costs, legal fees, restitution, and so forth.

The correct "hack" here is to walk up the management chain properly. Sell your 
case to your boss. Have your  boss sell it to his boss. Lather, rinse, repeat 
until the "boss" is at a level to communicate with the IT boss. And be prepared 
to compromise. Also remember that YOUR convenience is a very weak selling point 
in the face of security; but, not being able to perform your assigned duties, 
is. It can be very hard to explain in many cases. But solutions need to be 
worked out. One such case is a department which makes dramatic presentations 
using computerized hardware in a secure workplace with an aggressive IT 
department. What is needed is a secondary network that is treated as being 
outside the normal network with very tenuous connections to it. Otherwise the AV 
software will trigger at the wrong time ruining a presentation for which the 
take of the show is in 6 digits or more. Furthermore some network appliances 
used in theaters are um being charitable here "flaky". They do nasty things like 
expropriate the 2.0.0.0 network space for their own use. (ARTNET) Others put 
tremendous amounts of carefully timed (!) traffic on the network (COBRANET). So 
a working solution must be found. It behooves the applicant communicate clearly 
and that the IT department adapt. But, first, explain why you cannot do your job 
with their rules. And walk that explanation through the hierarchy. THAT is GOOD 
hacking.

{^_^}   Joanne (I have, indeed, done some strange things in my time.)