On 2017-03-31 18:09, Konstantin Olchanski wrote:
>>
>> anybody who did [this] [should] be fired upon it's discovery, not "let go" or
>> "laid off" but really "fired for cause".
>>
>
> I am not sure I like this crazy talk about IT departements becoming judge, jury
> and executioner and about firing people left and right for violating some
> arbitrarily made up rules. ("your password is only 28 characters long, you are fired!").
>
> My dislike nomatter, in practice, all this KGB stuff comes to nothing when you try
> to fire a Nobel-prize-winning professor or when you discover that the boss
> of your boss is reading playboy instead of nytimes.
That's why I pictured IT plus other corporate authorities. When you compromise
security on a company's network you give away the keys to the corporate kingdom.
That can, has, and should lead to a firing. Having a password that doesn't meet
spec is a whole different ballgame. And using your CDROM drive as a coffee cup
holder is something else again. Using your USB ports to plug in random dongles
you picked up on the street is a potential serious compromise to the corporate
systems. But, it's up to the IT department to fill them with epoxy, chewing gum,
or whatever else they want. For that matter password parameters are up to the IT
department to enforce by not allowing entry of a bad password or providing more
secure alternate means.
The WiFi node the person wanted to install on a company computer on company
property simply creates a wide open hole into the network. If that's OK what is
all this bother with SELinux, firewalls, and other security tools that
supposedly Linux doesn't really need because well it's magic. (Yes, a Linux
machine with a user connected to the keyboard and mouse rather than an IT drone
is going to pick up malware. Recent exploits suggest this can be serious. In
that case AV helps if you're not among the very first exposed to it.) I
personally believe companies should have a published policy (hah - PUBLISHED you
say? Our policies are secret.... - been there, too) declaring that such a WiFi
tap on their network is a firing offense leading to immediate dismissal unless
you have a REALLY REALLY good story. On the other paw, if the company isn't
worth preserving in the minds of its owners and management, then go ahead and
put in the WiFi tap. Have the grace to feel guilty if it does hasten the
company's demise, though.
{o.o} Fortunately I am exposed to VERY weak hacking attempts locally. I live
uncomfortably dangerously and monitor security logs religiously. If I owned a
company with me as an IT manager I'd be fired long ago. OTOH - only one
penetration by malware since 1985 on open networks isn't altogether bad for a
novice, even if she is paranoid. (They really are out to get me; but, there is
nothing personal about it. You'll do just as well as me as a victim.) {^_-} And
methinks me has said enough. IT should have published policies that employees
are kept aware of. THEN things like an open WiFi (aka any WiFi) router covertly
installed by an employee can lead to immediate dismissal.
|