LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > General
User Name
Password
General This forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!

Notices


Reply
  Search this Thread
Old 09-15-2020, 12:05 AM   #1
Janus84
Member
 
Registered: Sep 2019
Location: New Zealand
Distribution: Debian, Mint
Posts: 48

Rep: Reputation: Disabled
"email me the security system's administrator password, would you?"


Sometimes I'm worried about getting a concussion from how hard I'm slapping my forehead dealing with some "IT professionals".
I work in crime prevention and as everything else, the security systems are part of the client's network these days. Every once in a while, I get requests "from the top" that are truly hard to believe. Would you hire someone to secure your IT environment if he emails administrator credentials around? I mean I'm no certified IP pro, perhaps just a contractor who can smell a bad idea.
Have you come across people like these?
Who would want high end security tech that would comply with such ridiculous requests. I don't care if they take it personally, I do the right thing.
Rant over.
 
Old 09-15-2020, 12:23 AM   #2
Ser Olmy
Senior Member
 
Registered: Jan 2012
Distribution: Slackware
Posts: 2,774

Rep: Reputation: Disabled
All the time, from people at all levels of the organisation. It's frankly depressing.

Boss: "Please e-mail me the document with all relevant credentials."

IT Staff member #1: (shouting from the other side of the cubicle area): "What's the administrator password for ServerX?"
IT Staff member #2: (shouts back): "I changed it last week, it's 'Cheetah1234' now."

Consultant from company delivering project management software: "Hi, we'll need remote access to ServerX. Can you please provide the hostname, username and password? Thanks."

Developer creating a new spreadsheet report: "I need to pull live data from the accounting database into Excel. What's the SA password?" [proceeds to embed sa credentials into a spreadsheet that's available to all Project Managers]

Any non-IT manager displaying such blatant lack of security awareness should at the very least receive a severe dressing down, and be ordered to attend mandatory security training.

But so-called IT professionals doing the same and worse? In my not-so-humble opinion that needs to be a firing offense.
 
Old 09-15-2020, 06:43 AM   #3
cynwulf
Senior Member
 
Registered: Apr 2005
Posts: 2,425

Rep: Reputation: Disabled
Part of the problem is that IT professionals have to meet the needs of the business first and foremost. I've often seen where the IT man who understands security and starts bringing up problems and telling his bosses in so many words that they are clueless, get's slapped down and eventually ends up looking for another job.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
"The system has no more ptys. Ask your system administrator to create more." czeslafff Linux From Scratch 13 03-27-2020 11:18 PM
You must be a good system administrator before being a network administrator. mohajuice Linux - Certification 5 01-03-2013 12:46 PM
Help With Java Problem Please"""""""""""" suemcholan Linux - Newbie 1 04-02-2008 06:02 PM

LinuxQuestions.org > Forums > Non-*NIX Forums > General

All times are GMT -5. The time now is 07:57 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration