January 2, 2013 at 2:03 am
You were lucky, I have worked in some companies (including the current one) that believes it is too much effort and too expensive to set up power accounts for admins. Then again they seem to prefer the developers, 3rd parties & applications to have SA rights.
A few companies have a lock down policy and then its just habit to use the appropriate login. Also, stops the face-palm-Doh!! moments 😉
January 2, 2013 at 2:13 am
In the past I've known a brief hacking attack to result in a DBA to be dedicated full-time for two weeks solid to clean up the mess and that was after the hole was plugged.
January 2, 2013 at 3:40 am
Sounds all to familar, especially with people not locking their workstations. At a previous employer we had a security audit for anyone working on sensitive high level information and if you worked on the Ministry of Defence contracts, to which we where given a sonar to put on top of our monitors, so that if you moved so many inches away from your workstation it automatically locked the machine for you.
http://www.rfideas.com/products/presence_detector/pcprox_sonar/
January 2, 2013 at 7:31 am
Kinda surprised at that story. At a former site, we had one guy who went to the security workshop, came back and told everyone to lock their stations, and most people ignored him. If he didn't like you, he would watch for when you left your station unlocked and send an email from you, usually something about goats. The boss liked him, so he got away with it. Personally, I would have found some more work for him.
January 2, 2013 at 7:44 am
We have a staff small ads system and so the favourite trick on the shop floor is to place a nonsense advert using the unlocked workstation such as Wanted - Braincell.
This then results in the user getting emails and a call from the system administrators who monitor adverts!
Most users other than admins cannot write to the C drive and USB and other ports and cd/dvd drives are locked down on our systems so can't be used and can only be opened up to specially encrypted memory sticks. This stops anything being brought in from outside or being installed by non-admin staff. It's not rocket science and I'm surprised it's not industry standard practice.
January 2, 2013 at 7:56 am
At a previous employer, we played "donuts". If you walked away from your station and didn't lock it, then whoever noticed this would pop up a new email and send it to the "Admin" group address with the word "donuts" as the subject (which takes all of about 10 seconds). Who ever was dumb enough to leave their station unlocked then had to buy donuts for the entire admin team that Friday. It was a fairly large admin team, so you had to be ready to shell out 50-60 bucks.
A little goofy, but it drove the point home...lock your station every time, or it will cost you.
January 2, 2013 at 8:56 am
jon.spain (1/2/2013)
At a previous employer, we played "donuts". If you walked away from your station and didn't lock it, then whoever noticed this would pop up a new email and send it to the "Admin" group address with the word "donuts" as the subject (which takes all of about 10 seconds). Who ever was dumb enough to leave their station unlocked then had to buy donuts for the entire admin team that Friday. It was a fairly large admin team, so you had to be ready to shell out 50-60 bucks.A little goofy, but it drove the point home...lock your station every time, or it will cost you.
That's a good idea. I like that as a way of teaching people to lock their stations.
January 2, 2013 at 9:00 am
WolforthJ (1/2/2013)
Kinda surprised at that story. At a former site, we had one guy who went to the security workshop, came back and told everyone to lock their stations, and most people ignored him. If he didn't like you, he would watch for when you left your station unlocked and send an email from you, usually something about goats. The boss liked him, so he got away with it. Personally, I would have found some more work for him.
I can appreciate the annoyance, but it drives home an important point. The only way we audit actions is with your authentication on your workstation/laptop/device. At least right now. In a group environment, leaving your workstation unlocked is a security risk. I can't tell you how many times I've found out about people you thought you could trust, or thought you knew, were performing some inappropriate, unauthorized, or illegal action for their own gain.
January 2, 2013 at 11:38 am
When I worked at The Major US Motorcycle Manufacturer the salaried employees were warned during our orientation to never leave our workstations unlocked when we stepped away. Seems that in addition to the need for security, the "non salaried employees" were known to wander the non-production areas during their breaks looking for unattended PCs. The story told was that they would send e-mails, surf the 'net, and other things they shouldn't be doing. One fellow was caught after sending a rather unflattering e-mail to the plant manager when a security camera just happened to be pointing in the right direction. I learned rather quickly that Windows-L was so easy to do that it became a habit that I still do to this day.
Buying doughnuts for the team is good lesson and cheaper than losing your job over a security breach.
January 2, 2013 at 1:32 pm
That's a pretty neat little gadget!
I try to remember to lock my PC every time I step away, mostly because at my employer I've got full Domain Admin privileges (and lets not get started on that, I *KNOW* it's a bad practice) and also I just don't want anyone wandering over to read my e-mails.
Of course, sometimes I go faster than Windows likes, so I hit CTRL+ALT+DEL, then Space, but it hasn't gotten to the screen where the space would hit "Lock," so I come back, hit CTRL+ALT+DEL to unlock and lock in, and lock it...
Always fun when I do that...
Jason
January 2, 2013 at 3:05 pm
I guess I don't get it, what is so hard about hitting the the Windows logo key and then L ?:-D
"Technology is a weird thing. It brings you great gifts with one hand, and it stabs you in the back with the other. ...:-D"
January 2, 2013 at 3:10 pm
TravisDBA (1/2/2013)
I guess I don't get it, what is so hard about hitting the the Windows logo key and then L ?:-D
Kind of hard to hit the Windows logo key when your keyboard was manufactured in 1987 and is one of these...
😀
You'll get my Modem M when you pry it from my cold, dead hands. If I don't bash your head in with it first, then rinse of the gore so I can keep using it...
😉
Jason
(Yes, Model Ms are incredibly tough)
January 2, 2013 at 6:43 pm
anthony.green (1/2/2013)
Sounds all to familar, especially with people not locking their workstations. At a previous employer we had a security audit for anyone working on sensitive high level information and if you worked on the Ministry of Defence contracts, to which we where given a sonar to put on top of our monitors, so that if you moved so many inches away from your workstation it automatically locked the machine for you.http://www.rfideas.com/products/presence_detector/pcprox_sonar/
That isn't really a bad idea for people working in highly sensitive environments. I usually remember to lock my workstation but sometimes I forget. What really got me to lock the machine was when someone put a gay sex scene as my wallpaper. Most of us IT people aren't easily offended but if someone would do that then the mind can run wild wondering what else they might do.
Cheers
January 2, 2013 at 10:41 pm
jon.spain (1/2/2013)
At a previous employer, we played "donuts". If you walked away from your station and didn't lock it, then whoever noticed this would pop up a new email and send it to the "Admin" group address with the word "donuts" as the subject (which takes all of about 10 seconds). Who ever was dumb enough to leave their station unlocked then had to buy donuts for the entire admin team that Friday. It was a fairly large admin team, so you had to be ready to shell out 50-60 bucks.A little goofy, but it drove the point home...lock your station every time, or it will cost you.
That is an excellent idea.
Jason...AKA CirqueDeSQLeil
_______________________________________________
I have given a name to my pain...MCM SQL Server, MVP
SQL RNNR
Posting Performance Based Questions - Gail Shaw[/url]
Learn Extended Events
Viewing 15 posts - 1 through 15 (of 31 total)
You must be logged in to reply to this topic. Login to reply