[THIN] Re: speaking of security nazis

  • From: Adam Thompson <adwulf@xxxxxxxxx>
  • To: thin@xxxxxxxxxxxxx
  • Date: Thu, 27 Aug 2009 12:38:29 +0100

2009/8/26 Andrew Wood <andrew.wood@xxxxxxxxxxxxxxxx>:
>
> Security bods are never happy tho’ – the best you can hope for is ‘less
> unhappy grudging acceptance of risk’ :?
>

Our security bods performed a bit too much lock-down recently.
Turning off 'old' servers that didn't have two-factor authentication
without telling anyone, and firewalling out pretty much all outbound
traffic, so we can't telnet directly to webservers or nslookup
directly against nameservers.  We only get external access via a
proxy, which robs us of quite a lot of troubleshooting techniques.

They also locked down MS communicator, so any message containing what
looks like a hyperlink would be blocked.
God forbid that a company which is primarily web-hosting should want
to send.. gosh.. a URL!
The other annoying point there is that I didn't send a hyperlink.  I
sent plain ascii.  Communicator turns it into a link, and then blocks
it!

Anyhow - this comic strip suddenly found its way onto a lot of noticeboards:
http://www.dilbert.com/strips/comic/2007-11-16/

For any security people reading this thread- please, for the love of
God, talk to the people who actually do the work to find out what they
need, and get their views on their requirements before you go turning
things off!

-- 
AdamT

PS: Fortunately, they left port 53/tcp outbound open (presumably
thinking that workstations need to perform zone transfers), so
everyone just moved their home machines' SSH or RDP ports to that, and
order was restored.
************************************************
For Archives, RSS, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
//www.freelists.org/list/thin
Follow ThinList on Twitter
http://twitter.com/thinlist
Thin List discussion is now available in blog format at:
http://thinmaillist.blogspot.com
Thinlist MOBILE Feed
http://thinlist.net/mobile
************************************************

Other related posts: