Which of these security sins have you committed to "get the job done"?

By Bill Detwiler, Editor
Which of these security sins have you committed to "get the job done"?

- Hacked a password without permission
- Opened a port for remote access
- Taken sensitive, unsecured data home
- Other
- None of the above

This is the focus of a new TechRepublic poll. Tell us whether you've committed any of these IT security sins when trying to "get the job done".

All Comments

Other

by w2ktechman In reply to Which of these security s ...

Never taken data home
Have requirements/policies for opening ports
Never hacked a PW without permission, although their immediate manager has given the authorization first.
There have been too many 'other' shortcuts that have been made, some would violate the company policy at various places that I have worked. But, these have been with consent from the user or manager of the user in question. In my opinion, these are the only people that should give permission to make certain requests. If both are unavailable, the item can wait, or if needed, a higher-up manager, or my manager or that person's departmental manager can give permission as well. But, except for my manager, the management chain must go up in a direct line from the person's system/account that is in question.

Yes ;-)

by jmgarvin In reply to Which of these security s ...

Ok, not that bad

- Hacked a password without permission
We had a problem where we had a tech leave a site. All the local admin passwords were set to something other than our current rotation. He has also set the domain admin (for the site) password to be something different. Rather than get permission, I needed to get the job done. Nobody knew (until now) that I ever did this.

- Opened a port
We had some serious bandwidth issues at one place. I didn't directly get permission (e.g., I was told to just make it work). I split our incoming web traffic across two ports so I could track usage very CLEARLY for my PHB.

- Other
I clustered a couple of old servers together because our poor web server just wasn't cutting it. Nobody ever knew that is what happened (save for the incoming IT guy). They wouldn't buy the equipment, so I made do.

Mostly what I've done is due to lack of proper management and lack of oversight (or really caring) about the IT department.

Numbers one and two,

by mjwx In reply to Which of these security s ...

But never for a client, I have only done it internally.

None

by Simon Beck In reply to Which of these security s ...

If the environment isn't receptive to the fix, it doesn't get done.

Bit of a jobsworth approach but it's the best way of doing things.

None of the above....

by Jaqui In reply to Which of these security s ...

I have broken password protection, but I had written permission before doing so.

Opening of a port for remote access, only with knowledge and approval of the client, since that remote access could have their system running again faster, and was limited to a specific user ID and encryption key.

Sensitive data is always secured, so I never do this one.

none of the above - security is not security unless

by Deadly Ernest In reply to Which of these security s ...

it is done properly all the time - a breach of security is NOT 'get the job done' it is being lazy.

Security is like being pregnant - either you are or you aren't

none of the above

by j.lupo In reply to Which of these security s ...

Anything done is with permission, written permission at that. Do we need to get around certain policies sometimes? Probably, but only when the planning was not done correctly. However, that workaround needs to be clearly documented, signed off on, and agreed to.

None

by david In reply to Which of these security s ...

I have to keep my clients secure. So I don't deviate from standards to get the job done. However, some of my clients "don't care about security" and so I have different standards for different clients.

none, either

by Mickster269 In reply to Which of these security s ...

Well, depends on what you define as "other".

My idea of 'other'

by w2ktechman In reply to none, either

Is when you are bending policies in place to attain a goal. But as I have stated, it is always with permission from other managers of the user in question or from the user themself (and sometimes from my manager's chain) depending on the situation.
If a policy needs to be bent to get the job done, then the policy is wrong or needs updating. Going through management may still be breaking the policy, but sometimes it is needed. Policies are guidelines and do not cover every situation.
