Subject: | |
From: | |
Reply To: | |
Date: | Fri, 31 Mar 2017 14:04:37 -0700 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
On 2017-03-31 13:44, David Sommerseth wrote:
> On 31/03/17 13:40, James M. Pulver wrote:
>> Shouldn't we all take a step back here and ask why your IT support isn't
>> providing the resources you need to run the experiment?
>
> This is absolutely important to consider for the person going to do such
> a project. But that shouldn't stop us on this ML to try to provide some
> solutions which can work.
>
> If this person doesn't use these solutions, others in completely
> different needs may use this information for their challenges.
>
> Mailing lists are a good place to "think aloud" and get input and ideas,
> to share knowledge and learn new things.
>
> I for one will not stop sharing my knowledge when I feel I have
> something valuable to share. Whether people use or find my input
> valuable and useful or not is secondary to the sharing itself. Because
> we all grow when we share.
If the fellow cannot figure out how to add the second card and make it work (he
had to ask here, after all) then he is utterly in over his head for security. I
read the SANS Diary following their discussions as an utter amateur. It gives me
an idea of what is going around so I can work to avoid it. This question is one
of the chief IT nightmare scenarios. It opens a side door into a secure network.
Side doors are generally very easy to penetrate. Once that happens the entire
network and all the site's data storage are up for grabs or are at least one
layer of the onion closer to being penetrated. I know that if I was "in charge"
anybody who did this would be fired upon it's discovery, not "let go" or "laid
off" but really "fired for cause". Security compromises can eat his salary up
each minute for hours on end in costs, legal fees, restitution, and so forth.
The correct "hack" here is to walk up the management chain properly. Sell your
case to your boss. Have your boss sell it to his boss. Lather, rinse, repeat
until the "boss" is at a level to communicate with the IT boss. And be prepared
to compromise. Also remember that YOUR convenience is a very weak selling point
in the face of security; but, not being able to perform your assigned duties,
is. It can be very hard to explain in many cases. But solutions need to be
worked out. One such case is a department which makes dramatic presentations
using computerized hardware in a secure workplace with an aggressive IT
department. What is needed is a secondary network that is treated as being
outside the normal network with very tenuous connections to it. Otherwise the AV
software will trigger at the wrong time ruining a presentation for which the
take of the show is in 6 digits or more. Furthermore some network appliances
used in theaters are um being charitable here "flaky". They do nasty things like
expropriate the 2.0.0.0 network space for their own use. (ARTNET) Others put
tremendous amounts of carefully timed (!) traffic on the network (COBRANET). So
a working solution must be found. It behooves the applicant communicate clearly
and that the IT department adapt. But, first, explain why you cannot do your job
with their rules. And walk that explanation through the hierarchy. THAT is GOOD
hacking.
{^_^} Joanne (I have, indeed, done some strange things in my time.)
|
|
|