True enough.
The way we do it:
We have 5 USB tokens. To override a root login requires 3 of the 5 keys. Done deal.
In addition, I have a sealed envelope. My boss's boss has it locked in his desk. If I go AWOL all he as to do is open it and he's golden, keys to the castle are in there. I take the old one and replace it every 90 days.
Point is that if an admin wants to be a dick there is little you can do to stop them, however, an admin refusing to give out keys to anyone but pre-authorized people is admirable, not criminal. In the same boat I've done similar, but fortunately for me my boss had my back, rather than knifing it.
Hey, thanks for the security information. I found your suggestions very helpful and informative.
I've been doing a lot of research on security systems and is seems that everyone has their own ideas of what is the "right way" of doing things.
After reading your post I see that you have a very strong password security procedure that, while on the secure side of the "secure/ease of use" ratio, is fairly simple in it's actual, "real world" implementation.
Now I know I have to kidnap 3 people instead of just 1.
Mandriva used to have a product called MNF that did everything he's asking for. Unfortunately the free version is discontinued. I've built one from scratch using the packages, but it's not easy. That was a long time ago, so I don't know if it's even possible to do anymore. (ie. I don't know if the httpd-naat package is still available)
That being said, I wish they'd bring it back. That product was awesome.
I think they should be able to put any app in the system tray that they want.
The catch is that they have to take a kick in the nuts every time they do.
Also, additional kicks every time it places itself *back* in the system tray.
I'm looking at you Quicktime. >:-(
And yet, here you are.;-)
Seriously, though, thanks for not getting all Preachy McPreacher and telling us what we should or should not be eating.
I can't stand those people.
How many times have scientists changed their opinion on eggs?
Butter?
Beer?
(checks google) holy crap, now there's articles saying salt isn't as bad as previously indicated.
Of course, it doesn't matter really, I've already died during the "Great Mad-Cow Apocalypse" predicted in "Deadly Feasts"
Here are some of the things that I have found that keep me from getting burned out.
1) Check the cable.
2) Check the cable.
3) Seriously, check the cable. You'll feel stupid if you've been working for an hour on a problem only to find a disconnected cable.
4) Lock down your workstations. Hard. You won't win any friends right now, but when people stop having malware problems they'll eventually see the light. Tell them exactly why you are doing this; that you feel their pain; you think spamming should be a capitol offense.
4) Remember that no one loves you until something's broken (we'll fix that later)
5) Tell them there's nothing they can break that you can't fix, so don't be scared to try stuff.
6) Resist the urge to show frustration in front of others regardless of how stupid they are. They are there to do their job, not to become a computer expert.
7) When they want you show them something *always* make them drive. They are more likely to remember it that way.
8) Get off the internet, walk around the office. Find the person in each department who is always swamped with work. They've usually been there the longest and are the "go to" person. I guarantee you can streamline several of this person's procedures and give them back hours of their day. This person will be your friend forever.
9) This is one of the most important; always balance any reports you have written. If finance doesn't trust your numbers they're useless.
It may take a while but eventually you'll be hearing things like, "I know you're such a guru that this won't be a problem. Can you help me with..."
Slashdot Mirror
The color scheme that says, "I'm a cool hacker! Look at how cool I am."
Stupid swimmer.
for all the fscking 60GB units that finally overheated and died this year.
No, it was a plan to harvest the email addresses of everyone who had to create an account so they could "turn it off".
"That, and there's no such thing as bad publicity" - if you believe that crap.
Who'd want to sleep with a vapid hippie chick anyway?
PETA can go fuck themselves.
How difficult is it to imagine that he's a site admin testing security on his or his company's own equipment.
6yr old x-ray visioned zombies. Just what we needed. They can _see_ your brain.
What Would Thomas Becket Do?
True enough. The way we do it: We have 5 USB tokens. To override a root login requires 3 of the 5 keys. Done deal. In addition, I have a sealed envelope. My boss's boss has it locked in his desk. If I go AWOL all he as to do is open it and he's golden, keys to the castle are in there. I take the old one and replace it every 90 days.
Point is that if an admin wants to be a dick there is little you can do to stop them, however, an admin refusing to give out keys to anyone but pre-authorized people is admirable, not criminal. In the same boat I've done similar, but fortunately for me my boss had my back, rather than knifing it.
Hey, thanks for the security information. I found your suggestions very helpful and informative.
I've been doing a lot of research on security systems and is seems that everyone has their own ideas of what is the "right way" of doing things.
After reading your post I see that you have a very strong password security procedure that, while on the secure side of the "secure/ease of use" ratio, is fairly simple in it's actual, "real world" implementation.
Now I know I have to kidnap 3 people instead of just 1.
Mandriva used to have a product called MNF that did everything he's asking for. Unfortunately the free version is discontinued. I've built one from scratch using the packages, but it's not easy. That was a long time ago, so I don't know if it's even possible to do anymore. (ie. I don't know if the httpd-naat package is still available)
That being said, I wish they'd bring it back. That product was awesome.
I'd rather stab myself in the face than buy another Linksys product. I've seen waaay too many of them just stop working.
iHookah?
I have been twiddling my thumbs for the last 8 hours while waiting for approval on 2 changes. One of which will take 10 minutes to perform.
Why do I have to wait for approval? Because management uses this as a tool to measure IT capacity (who can we outsource?).
Why are we needing to outsource? Because we are paying people to sit around with their thumb up their ass.
Apologies if this makes me sound bitter
I'm personally going to disagree with it on the basis that PETA can go fuck themselves.
I think they should be able to put any app in the system tray that they want.
The catch is that they have to take a kick in the nuts every time they do.
Also, additional kicks every time it places itself *back* in the system tray.
I'm looking at you Quicktime. >:-(
That's rediculous! ;-)
LOL
... i generally avoid mentioning it at all. ...
And yet, here you are. ;-)
Seriously, though, thanks for not getting all Preachy McPreacher and telling us what we should or should not be eating.
I can't stand those people.
PETA can go fuck themselves.
Sounds painful.
I still remain skeptical.
How many times have scientists changed their opinion on eggs?
Butter?
Beer?
(checks google) holy crap, now there's articles saying salt isn't as bad as previously indicated.
Of course, it doesn't matter really, I've already died during the "Great Mad-Cow Apocalypse" predicted in "Deadly Feasts"
It's a neat idea, but Holy Crap that video was annoying.
PETA can go fuck themselves.
Here are some of the things that I have found that keep me from getting burned out.
1) Check the cable.
2) Check the cable.
3) Seriously, check the cable. You'll feel stupid if you've been working for an hour on a problem only to find a disconnected cable.
4) Lock down your workstations. Hard. You won't win any friends right now, but when people stop having malware problems they'll eventually see the light. Tell them exactly why you are doing this; that you feel their pain; you think spamming should be a capitol offense.
4) Remember that no one loves you until something's broken (we'll fix that later)
5) Tell them there's nothing they can break that you can't fix, so don't be scared to try stuff.
6) Resist the urge to show frustration in front of others regardless of how stupid they are. They are there to do their job, not to become a computer expert.
7) When they want you show them something *always* make them drive. They are more likely to remember it that way.
8) Get off the internet, walk around the office. Find the person in each department who is always swamped with work. They've usually been there the longest and are the "go to" person. I guarantee you can streamline several of this person's procedures and give them back hours of their day. This person will be your friend forever.
9) This is one of the most important; always balance any reports you have written. If finance doesn't trust your numbers they're useless.
It may take a while but eventually you'll be hearing things like, "I know you're such a guru that this won't be a problem. Can you help me with..."