95% of Organizations Have Employees Seeking to Bypass Security Controls

Our web filtering is so bad that any zip file will download at around 6.5Kbaud. The last Firefox update I did took around 3.5 hours to download. I don't even bother trying to update my Code Composer Studio at work, it takes over a day. And yet, the company complains about productivity!
 
Really, just carry a laptop or tablet to work. Or like this scenario, I'm working from home today, slow day because of Easter. We use Citrix for remote work, totally separated from my personal device, while I'm on my personal device. Just keep your work stuff and personal stuff separate. It's not a big deal with current tech and it's just easier for everyone.


I'm not so fortunate. Nothing electronic goes through the doors unless it's customer purchased equipment for this building. No laptops, phones, tablets, not even an older MP3 player sans wifi. No wireless mice or keyboards, you won't be bringing in a nice monitor to improve your work experience.

Online activity, no shopping, check your email at lunch, limit social media to lunch, WebSense blocks any site tagged gaming, gambling, etc.

This site is my one vice, thank god that as a SAN Admin, [H] has a related topic for me in the Storage and HD section.
 
I just remembered a good one.

In about 2005 or so, I worked for a company that made custom tubing sets for hospitals. One day they rolled out their new web filtering program without any announcement.

Suddenly one day we lost contact with our Stopcock supplier.

These are stopcocks: [image: EO-sterile three-way stopcock]


coming from the medical field, browsing while listening to a podcast, LOL
 
I worked for a large software company as a developer a few years ago. Our proxy filter started blocking freaking STACKOVERFLOW! I opened up an issue with our IT department (we had about 20000 employees, so trust me I was just a cog). They closed the help desk ticket within the hour and referred me to some BS document.
So, instead of being able to find answers more efficiently, learning from others, etc - I had to spend more time working on problems and/or going home to do the research. I recall once going home, printing out a specific article, that had a solution to my problem. Fucking stupid.
I'm not even opposed to blocking certain sites. I also understand it's not my computer nor my internet I'm using while at work. However, it is my time when I am working overtime. Needless to say, I left that company and never looked back.
 
The number of root certs companies install is ridiculous, and easy to get around. But you will get seriously reprimanded if they find out.

Lesson of the day: Don't put anything personal across the company network. IT admins get bored. They log everything and will read it all if it's juicy enough, then tell everyone in the company your personal business. I know because my last IT admin did that crap.

BTW: We got blocked from stackoverflow too because it was a "hacking" site
 
Lesson of the day: Don't put anything personal across the company network. IT admins get bored. They log everything and will read it all if it's juicy enough, then tell everyone in the company your personal business. I know because my last IT admin did that crap.


I couldn't do anything like that ever. I wouldn't even consider it and if I caught a fellow admin doing it I'd fuck up his world. The only time I have ever done anything remotely close to something like this was when I came to work one morning and my bosses called me into the office. There were two guys, a CITRIX engineer and a Domain Admin that both hated each other, always arguing and accusing each other of shit. Well this time the Domain Admin said that the CITRIX guy had logged into the DC over the weekend and fucked with it. I was supposed to try and dig up evidence. I know it's the job, sooner or later something like this is sure to happen, but I felt dirty all the same.

Of course I didn't find shit. Those two were both nuts.
 
About the IT Admins reading shit and chirping about their finds in the break room... in my line of work (Canadian gov't - EVERYTHING is watched), if the IT Admin felt like disclosing random personal crap to the crowd they found during a 'sweep' they'd be in the crowbar hotel once the MPs/RCMP got wind of it. If a gov't IT Admin has a problem... they have ample proper channels + immediate police response easily initiated from the comfort of their work station. As an aside, anything caught during official five-eyes electronic intel sweeps (i.e. see Wikileaks about DCS3000/Echelon/PRISM) is at minimum classified Top Secret/SCI and whatever other caveats (SI/TK, etc) spiced on for good measure -- anyone working in this realm doesn't discuss jack shit (especially since Snowden's leaks).
 
All I have an issue with is that they imply that 95% of the employees circumventing security are doing it to steal information from the company. Whereas most of the tech geeks are just avoiding the stupidly inaccurate web filters.
 
Being the department head, when the policy came down that only one computer at a time per department shall have internet access for no real reason, I just designated my computer as the one and set up a proxy on it.

The Fortinet firewall the IT idiot set up doesn't even lock down internet access properly, SoftEther VPN operating in DNS tunneling mode easily escapes it.
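The DNS-tunnel escape described in the post above works because the firewall lets DNS through unconditionally and the VPN encodes its traffic into query names. The same property is what a resolver log review can catch: a tunnelling client produces a stream of long, never-repeating, high-entropy names under one domain. The following is an added example written for this thread, not code from the poster, from SoftEther or from Fortinet. It assumes a log record of (client, query name, query type), treats the last two labels as the registered domain (a shortcut; real code should consult the public suffix list), and uses thresholds chosen for the constructed sample rather than tuned on real traffic.

```python
"""Flag DNS clients whose query pattern looks like a DNS tunnel (added example)."""
import hashlib
import math
from collections import Counter, defaultdict

# Heuristic thresholds; assumptions for this example, not measured on real traffic.
MIN_QUERIES = 5          # ignore (client, domain) pairs with fewer queries
UNIQUE_RATIO_MIN = 0.8   # share of distinct names: tunnels almost never repeat a name
LABEL_ENTROPY_MIN = 3.0  # bits/char of the leftmost label; "www" is 0, hex payload ~3.9
QNAME_LEN_MIN = 40       # tunnels stuff as many payload bytes into the name as fit


def shannon_entropy(s: str) -> float:
    """Bits per character of s; 0.0 for an empty or single-symbol string."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def split_name(qname: str):
    """Return (leftmost_label, registered_domain).

    Assumes 'last two labels' is the registered domain; a real deployment
    should use the public suffix list instead."""
    labels = qname.lower().rstrip(".").split(".")
    domain = ".".join(labels[-2:])
    first = labels[0] if len(labels) > 2 else ""
    return first, domain


def summarize(queries):
    """Group (client, qname, qtype) records per (client, registered_domain)."""
    groups = defaultdict(list)
    for client, qname, qtype in queries:
        first, domain = split_name(qname)
        groups[(client, domain)].append((qname, first, qtype))
    stats = {}
    for key, recs in groups.items():
        names = [q for q, _, _ in recs]
        stats[key] = {
            "queries": len(recs),
            "unique_ratio": len(set(names)) / len(recs),
            "avg_label_entropy": sum(shannon_entropy(f) for _, f, _ in recs) / len(recs),
            "avg_qname_len": sum(len(q) for q in names) / len(recs),
            # TXT/NULL carry the largest downstream payload, so tunnels favour them
            "txt_share": sum(1 for _, _, t in recs if t in ("TXT", "NULL")) / len(recs),
        }
    return stats


def is_suspicious(s) -> bool:
    """All four heuristics must trip; any single one alone has too many benign hits."""
    return (s["queries"] >= MIN_QUERIES
            and s["unique_ratio"] >= UNIQUE_RATIO_MIN
            and s["avg_label_entropy"] >= LABEL_ENTROPY_MIN
            and s["avg_qname_len"] >= QNAME_LEN_MIN)


def flag_tunnels(queries):
    """Sorted list of (client, domain) pairs that look like tunnel endpoints."""
    return sorted(k for k, s in summarize(queries).items() if is_suspicious(s))


# Constructed sample log (not a real capture): one ordinary client, and one
# client shipping data out through a tunnel endpoint under example.org.
SAMPLE_QUERIES = [
    ("10.1.2.3", "www.example.com", "A"),
    ("10.1.2.3", "www.example.com", "A"),
    ("10.1.2.3", "mail.example.com", "A"),
    ("10.1.2.3", "cdn.example.com", "AAAA"),
    ("10.1.2.3", "login.example.com", "A"),
    ("10.1.2.3", "www.example.com", "A"),
    ("10.1.2.3", "static.example.net", "A"),
]
# Each exfiltrated chunk becomes a unique, high-entropy leftmost label.
SAMPLE_QUERIES += [
    ("10.1.2.9", f"{hashlib.sha256(bytes([i])).hexdigest()[:40]}.t.example.org", "TXT")
    for i in range(8)
]

if __name__ == "__main__":
    for key, s in summarize(SAMPLE_QUERIES).items():
        verdict = "SUSPICIOUS" if is_suspicious(s) else ""
        print(key, {k: round(v, 2) for k, v in s.items()}, verdict)
```

Expect benign exceptions before putting this in a pipeline: antivirus reputation lookups and some CDN or telemetry domains also generate many unique, hash-like names, so an allow list of known talkers has to sit in front of the rule, and the volume threshold should be raised on busy resolvers.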
 
When IT staff think they are doing "God's work", they are just exercising their inner tyrant. I am a design engineer. Some days I go to the office and do nothing, and then I come home, get inspired and spend from 7 pm to 7 am working on an idea. Probably why I'm starting to work from home more. Measurable increase in productivity (13% more per hour of on-the-clock time). Just getting tired of the "I can't do your job, but I'm sure as hell gonna try to tell you how to do it".
 
The tighter you try and control your network, the more people will resent you and try to get around it. I found years ago that reasonable restrictions and just telling people "Things are logged and tracked and if you are found responsible for browsing shit you shouldn't or getting a virus there will be consequences". Works so much better than trying to block and control everything. Trust me, you watch one or two people get canned for browsing porn at work and it sends a loud and clear message.

Side note. I can only hit the like button once for this one. That is an unfortunate limitation.
 
When IT staff think they are doing "God's work", they are just exercising their inner tyrant. [...]

aka BOFH
 
All I have an issue with is that they imply that 95% of the employees circumventing security are doing it to steal information from the company. Whereas most of the tech geeks are just avoiding the stupidly inaccurate web filters.
Exactly. And not just web filters, but other policies they usually circumvent or ignore are the ones standing in the way of productivity.

It's very rare to have someone try stealing information they're not privy to anyway.

And even in some cases accessing restricted information can have other motives than stealing it and selling it. In my company there is lots of information that doesn't get shared that would help productivity a lot, and free us from having to chase our own tails in many cases. If only we knew why we're doing what we're doing.
 
I've never seen this wording in any IT acceptable use policy.

Usually they specifically allow use for personal reasons, as long as it does not interfere with work, and does not violate any other provisions of the policy (pr0n, gambling, illegal activities, etc.)

The company I work for words their acceptable use policy this way as well, adding that circumventing security and monitoring measures is an offense you can be terminated for. It's got to the point that it can really make doing my job a lot harder, and I used to fight against it because of that, but it got to the point that the extra effort isn't worth losing a job over, and if it makes work take twice as long to complete then so be it. I'll save my personal time for using equipment that actually works right, my own!
 
The tighter you try and control your network, the more people will resent you and try to get around it. [...] Trust me, you watch one or two people get canned for browsing porn at work and it sends a loud and clear message.

I remember doing pr0n scans on our home drive file shares years ago and some of those caught with pr0n getting fired, but that can get political fast depending who is caught with it. These days my company seems to have gone away from that in favor of more of a "Nanny State" model. Ah the good ol' days....
 
I remember doing pr0n scans on our home drive file shares years ago and some of those caught with pr0n getting fired, but that can get political fast depending who is caught with it. [...]

Political, in other words some higher ranking manager got caught with their pants down and your company didn't have a zero tolerance policy.
 
I remember doing pr0n scans on our home drive file shares years ago and some of those caught with pr0n getting fired, but that can get political fast depending who is caught with it. [...]

Wait, what? Your drive at home?

That's absolutely none of their business, and how did they get access in the first place?

If my work scanned my private tech, I'd sue the pieces of shit.
 
Wait, what? Your drive at home? [...] If my work scanned my private tech, I'd sue the pieces of shit.

That's why my work lappy does not get within a c*nt hair of my home, aka mega airgap.

I do all remote work from a VM that runs on its own VLAN.
Nice benefit is that I can just take that registered VM anywhere when travelling and run it on damn near everything.
Do NOT want to lug an additional laptop around.
 
Wait, what? Your drive at home? That's absolutely none of their business, and how did they get access in the first place? [...]


Home drive, aka in Active Directory under the user account -> profile section {\\shares\users\%username%}

not literally people's home drives.
 
Wait, what? Your drive at home? [...]

No, home drives are what we call the file share space you are assigned at login.

Home drive, aka in Active Directory under the user account -> profile section {\\shares\users\%username%}

not literally people's home drives.

Exactly!
 
This is exactly the kind of stuff I'm talking about.

And a good reason why quite a lot of the tech companies with engineering/manufacturing/R&D create a secondary hidden/isolated network for these teams, most are not even aware these exist in their tech company.
Same with the building site security in these companies that have their own secure rooms quite away from front desk and again not many employees know about them.

Know these from experience.
Cheers
 
Political, in other words some higher ranking manager got caught with their pants down and your company didn't have a zero tolerance policy.
Exactly, except my company supposedly did have a zero tolerance policy until the wrong person got caught!
 
Yeah, since employers control the local machine, there is no reason why they can't use a man-in-the-middle proxy with its own certificate, and install that certificate on every client machine.

My employer does just this. I noticed it once when the cert expired.
 
Currently typing into this website at work through an SSH tunnel proxy.

This started when I couldn't view web pages about programming because they were "hacking" or sometimes "gaming" related.

I'm the ISSO for our site and some of our contracts. Drives me insane when I try to go read up on some new 0-day and Websense blocks it because "Computer Security". My other favorite is I need PuTTY to log into the corporate SFTP in order to download things like the main SEP updated install file. PuTTY is blocked as "Downloads or Games". Had to download PuTTY on my phone, plug in the phone, copy it to my laptop and then move it to my file server. /sigh

Except many companies specifically say you are not allowed to use company resources for personal reasons, regardless of whether it's on your own time. It is specifically worded that way. So while it may be easier for you to use the company equipment, that doesn't make it acceptable. Personally I do believe that is a bit over the line and perhaps silly, but I have seen many reasons why they have that in place and why it's a blanket statement for all employees. Dumb people ruin things for everyone, and we live in a very litigious world.

Ours (and I helped write it) says you can use it for personal reasons during break times and lunch. That's not really enforced though provided you actually do your job. It's all just for the lawyers.

My employer does just this. I noticed it once when the cert expired.

They haven't started doing this at work just yet. I haven't heard anything about them going that route but it's definitely something I'm keeping my eye on. Because as soon as they do....OpenVPN gets installed on a Pi3 at home and over 443 I go.
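Both the SSH tunnel proxy and the OpenVPN-on-443 plan in the posts above rely on the firewall treating anything on TCP/443 as HTTPS. The check a network defender would add is to look at the first bytes a client actually sends on that port: a real TLS session starts with a handshake record, while SSH announces itself with a version banner and OpenVPN over TCP starts with a length-prefixed control packet whose opcode byte is never encrypted, even with tls-auth or tls-crypt. The classifier below is an added example written for this thread, not code from the posters, from OpenSSH or from the OpenVPN project; the byte layouts follow the public protocol descriptions, and the flows are constructed, not captured.

```python
"""Classify the first client bytes of a TCP/443 flow to spot tunnels riding on 443.

Added example. Signatures are deliberately minimal:
  * TLS: record type 0x16 (handshake), version 0x03 0x00..0x03, handshake type 0x01.
  * SSH: the version banner prefix "SSH-".
  * Plain HTTP: a request method followed by a space.
  * OpenVPN over TCP: 2-byte big-endian packet length, then an opcode byte whose
    upper 5 bits are the opcode (7 = P_CONTROL_HARD_RESET_CLIENT_V2,
    10 = P_CONTROL_HARD_RESET_CLIENT_V3) and lower 3 bits the key id.
"""

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ",
                b"PATCH ", b"CONNECT ")
OPENVPN_CLIENT_RESET = {7: "openvpn-hard-reset-v2", 10: "openvpn-hard-reset-v3"}
OPENVPN_MIN_LEN = 14      # opcode + 8-byte session id + pid-array length + 4-byte packet id
OPENVPN_MAX_LEN = 1200    # a client hard reset is small; larger frames are something else


def classify_first_bytes(data: bytes) -> str:
    """Return a protocol label for the first bytes a client sent on the flow."""
    if len(data) < 3:
        return "too-short"
    # TLS record header: ContentType handshake, legacy version 3.0 .. 3.3
    if data[0] == 0x16 and data[1] == 0x03 and data[2] <= 0x03:
        if len(data) >= 6 and data[5] == 0x01:      # HandshakeType client_hello
            return "tls-client-hello"
        return "tls-record"
    if data.startswith(b"SSH-"):
        return "ssh-banner"
    # Check HTTP before OpenVPN: "GET " would otherwise decode as opcode 10
    if data.startswith(HTTP_METHODS):
        return "plaintext-http"
    plen = int.from_bytes(data[:2], "big")
    opcode = data[2] >> 3
    if (opcode in OPENVPN_CLIENT_RESET
            and OPENVPN_MIN_LEN <= plen <= OPENVPN_MAX_LEN
            and plen + 2 <= len(data)):             # frame must fit what we captured
        return OPENVPN_CLIENT_RESET[opcode]
    return "unknown"


def non_tls_flows(flows):
    """Given [(src, first_bytes)], return [(src, label)] for every flow that is not TLS."""
    out = []
    for src, first in flows:
        label = classify_first_bytes(first)
        if not label.startswith("tls-"):
            out.append((src, label))
    return out


# Constructed sample flows (not a capture): the first bytes each client sent to :443.
SAMPLE_FLOWS = [
    ("10.1.2.3", b"\x16\x03\x01\x00\xf5\x01\x00\x00\xf1\x03\x03" + b"\x00" * 32),
    ("10.1.2.5", b"SSH-2.0-OpenSSH_9.6\r\n"),
    ("10.1.2.7", b"\x00\x0e\x38" + b"\x11" * 8 + b"\x00" + b"\x00\x00\x00\x00"),
    ("10.1.2.8", b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    ("10.1.2.9", b"\x00\x10\x00" + b"\x00" * 16),
]

if __name__ == "__main__":
    for src, label in non_tls_flows(SAMPLE_FLOWS):
        print(f"{src}: {label}")
```

This only catches the naive setups the thread describes. OpenVPN wrapped in stunnel, or SSH tunnelled inside a TLS session, classifies as TLS here; telling those apart from browser traffic needs ClientHello fingerprinting and SNI/certificate checks, which is also exactly the vantage point the intercepting proxy discussed above gives the employer.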
 