Misguided security

I once worked someplace whose management laid an egg when they found out that it was possible to sniff network traffic over hubs. So they replaced all the hubs in their network, at considerable expense, with switches for an extra layer of security.

That’s fine. Except… Except the back door of the building never closed right, so it was pretty easy for anyone to just waltz right into the office. Nobody ever did, that I know of. But still, that’s not good.

But that’s not the end of it. One time I saw one of the other IT guys pick the lock on the server room. With a sheet of typing paper.

Yes. He grabbed a piece of paper out of the closest wastebasket, folded it in half, then in half again, pushed it into the gap in the door, made an upward motion, and freed the catch. Then he just walked in. It was easier than remembering the combination.

They spent tens of thousands of dollars out of paranoia that some employee would bring in a sniffer and plug it into the network, but wouldn’t pay the $200 or $300 it would cost to have a contractor come in for a couple of hours to make sure the doors were secure.

One of my clients had an incident with a door in a secure room yesterday, and that reminded me of this former client’s door problems. This current client fixed the problem in about 30 minutes.

It’s been five years, but I probably could still get into that former client’s server room. The hardest part would be remembering where the doors are.

One thought on “Misguided security”

  • March 12, 2010 at 5:53 pm

    I’m sure between the two of us, we could write a
    book’s worth of examples. And maybe we should.

    Recently I heard through a friend-of-a-friend about a
    client who was repeatedly having heat issues in his
    server room. The final solution? Propping the server
    room’s door to the outside open.

    Recently I visited a friend’s doctor’s office only to
    discover they had a completely wireless router
    connected to their network. Combine that with a
    Windows 2003 server that had never been patched
    (not even SP1), and you have a recipe for disaster
    right there.

    One of the slickest tricks I’ve ever seen involved
    putting self-running viruses on a USB stick and then
    leaving the stick(s) lying around in corporate
    bathrooms. I believe the people that tried that had a
    100% success rate.

    We really should write a book, Dave. 🙂
