PerlMonks  

Re^2: Perl Security Testing

by Your Mother (Bishop)
on Jul 24, 2017 at 18:38 UTC ( #1195904=note )


in reply to Re: Perl Security Testing
in thread Perl Security Testing

Social engineering is almost(?) always the greatest risk. At my last workplace we were required to close the door on someone behind us, no matter how close, so they would have to use their own key card to get in. It is VERY HARD to close the door in the face of a fellow employee you know even though they might have been fired that morning for all you know.

Replies are listed 'Best First'.
Re^3: Perl Security Testing
by RonW (Parson) on Jul 25, 2017 at 20:48 UTC
    It is VERY HARD to close the door in the face of a fellow employee you know even though they might have been fired that morning for all you know.

    Yes, it is very hard. Where I am now, even the head of security sometimes holds the door for fellow employees.

    One place I used to work had revolving doors so only one person per card "swipe" could get through.

    (There was also a door for handicap access at the main entrance. It was activated by the security guard.)

      Sometimes things get absurd. In our data center we had the usual separation units with key cards, fingerprints, video etc. And these units have sensors under the floor that check if someone is inside. And the sensors have a threshold. Some day a guy that looked like John Coffey in "The Green Mile" checked in. But he couldn't check out - probably because of his weight. The security guys needed about an hour to get him out.

      Best regards, Karl

      «The Crux of the Biscuit is the Apostrophe»

      perl -MCrypt::CBC -E 'say Crypt::CBC->new(-key=>'kgb',-cipher=>"Blowfish")->decrypt_hex($ENV{KARL});'

        The office building, where I work, had a showcase data center room adjacent to the main lobby, complete with large windows. When my current employer took out the lease on the building, the VP of IT decided to use that room as our data center, partly because it already had the required AC and electrical, and also because the door was right next to the security desk. To get in or out, you need both a properly authorized access card and for the guard on duty to know and recognize you. (The entry is airlock-style, so anyone trying to exit that the guard doesn't recognize is contained while the guard contacts a higher authority. Also, the windows are now covered, except for the door windows.)

Re^3: Perl Security Testing
by perldigious (Priest) on Jul 31, 2017 at 13:14 UTC

    We had the same problem when they tried implementing that policy at my $job--. Management "solved" the problem by installing what they called "fast lanes" that all the employees had various alternate derogatory names for instead (they were anything but fast). The lanes were basically a sensor for your badge, two glass panels that met in the center and slid open left and right when a badge was scanned, and motion sensors to make sure only one person walked through. The problem was the sensor would get it wrong all the time, people would frequently have to do things like push equipment carts through (setting off alarms), and you could only scan in if you weren't logged as inside any company building and scan out if you were inside THAT building. Massive problems all the time, alarms always going off, if security wasn't present such as anytime after 5:00 there was no way to get in a building if the system wasn't working (as if people weren't already upset about working late).

    One day when the entire system had crashed (that happened quite a bit), there was a blue screen of death on the LCD on top of the badge scanner noting that it was running Windows CE. All the Software Engineers who had experience doing embedded projects based on both Linux and Windows CE for the company of course had a good laugh saying things like, "well, that's your problem right there." My immediate manager at the time, who was awesome, jokingly said things like, "I wonder which executive's brother-in-law owns the company that does these fast lane things," and, "I'm pretty sure this 'security' talk is all a ruse and they are just starting to log lists of all the employees who dare to not work a 45+ hour work week every week."

    On the plus side, a few of us did become pretty good friends with one of the security people, who after you got a beer or two in him would lament that, "yep, my job is pretty much ridiculous... but hey, if this is what somebody wants to pay me for."

    Just another Perl hooker - My customers appreciate that I keep my code clean but my comments dirty.
Re^3: Perl Security Testing
by Anonymous Monk on Jul 24, 2017 at 21:24 UTC

    Just pretend it's a bathroom door

    Also report the guy to OSHA guy, walking face first is dangerous
