Tech workers - what did your IT Security team do that made your life hell and had no practical benefit?

Krudler@lemmy.world to Ask Lemmy@lemmy.world – 394 points –

One chestnut from my history in lottery game development:

While our security staff was incredibly tight and did a generally good job, oftentimes levels of paranoia were off the charts.

Once they went around hot gluing shut all of the "unnecessary" USB ports in our PCs under the premise of mitigating data theft via thumb drive, while ignoring that we were all Internet-connected and VPNs are a thing, also that every machine had a RW optical drive.

242

You are viewing a single comment

Took away Admin rights, so everytime you wanted to install something or do something in general that requires higher privileges, we had to file a ticket in the helpdesk to get 10 minutes of Admin rights.

The review of your request took sometimes up 3 days. Fun times for a software developer.

We worked around this at my old job by getting VirtualBox installed on our PCs and just running CentOS or Ubuntu VMs to develop in. Developing on windows sucks unless you're doing .NET imo.

Developing on VMs also sucks, neverending network issues on platforms like Windows which have a shitty networking stack (try forwarding ports or using VPN connections).

In fact, Windows is just a shitty dev platform in general for non-Microsoft technologies but I get that you needed to go for the least shit option

Yeah fortunately we didn't need to do any port forwarding or anything complex for networking for developing locally. It was definitely much easier for us. I don't like Apple, but I didn't mind my other old job that gave us MacBooks honestly.

Oh shit, you just reminded me of the time that I had to PHONE Macromedia to manually activate software because of the firewalling. This was after waiting days to get administrative permission to install it in the first place.

"Thank you" for helping resurface those horrible memories!

I don't miss those days.

3 days? That's downright speedy!

I submitted a ticket that fell into a black hole. I have long since found an alternate solution, but am now keeping the ticket open for the sick fascination of seeing how long it takes to get a response. 47 days and counting...

Nobody wants to take it because it will mess up their KPIs.

Any ticketing system set up like that is just begging for abuse. If they don't have queue managers then the team should share the hit if they just leave the ticket untouched

During those 10 minutes of admin rights:

net user secretlocaladmin * /add
net localgroup administrators secretlocaladmin /add

We used Intune Portal for a list of approved desktop apps

Let me guess, the list is about 6 items long with no provision for getting any added

No, it was quite extensive (20-30?) and we (I) kept expanding it. I even added icons for each app so it looked nice.

All published software was approved by Cybersecurity. We allowed people to request apps and evaluated each case.

1 more...