This is topic Network usage rules in forum The Big Archives at The Geek Culture Forums!.


To visit this topic, use this URL:
http://www.geekculture.com/cgi-bin/ultimatebb/ultimatebb.cgi?ubb=get_topic;f=26;t=005235

Posted by Mr Bill (Member # 553) on March 24, 2003, 20:33:
 
Things have been slow at work recently (somedays 30 minutes between support calls, so most of us have either brought books or surf while waiting. I thought this would be an excellent time to catch up on the message boards, but as I was logging in to my machine last week one of the network support guys announced that we were no longer allowed to go to "inappropriate" sites, such as forums, IM or webmail.
After the initial "What the hell!?", my rational mind kicked in and I realized that with the customer info floating around the building, it's a reasonable rule.
In the past I have worked at places where as long as you didn't bring down the network, they didn't care what you did.

So here's the question:
What is the harshest|silliest|most lax network usage rule you have personally (*) experienced, and what was the reasoning behind it?


* please keep urban myths to at least two degrees of separation, thank you.
 
Posted by ilovemydualg4 (Member # 1234) on March 25, 2003, 03:24:
 
"No, you may not change the printer to the one in the hallway, yes I know you are trying to print a project that you really need....:"
I was tryign to add the printer in the hall to one of the library computers because the library printers were down and she threataned to have my network access suspended
 
Posted by ilovemydualg4 (Member # 1234) on March 25, 2003, 03:26:
 
Oh, by the way, here's what you do to get arround it:
If you have a proxy server there that requires all traffic to be on port 80, too bad for you...
otherwise..
set up an secure proxy on your home computer
forward all of your web traffic to the secure proxy.
now all that the netadmin sees is a helluvalotta traffic to a secure proxy, but doesn't see what it is [Smile]
 
Posted by supaboy (Member # 183) on March 25, 2003, 06:36:
 
A long time ago, I helped a company change from DEC Pathworks to TCP/IP. One of the side effects was that Internet access was available to the computers which had been converted. The first thing one group of ladies asked me was, "How do you find pictures of naked people?"

So I said, "You did not hear this from me." And then I showed them how to use a search engine (probably AltaVista- this was pre-Google) with the terms "naked people". This was enough to find some images. I told them they could probably get more interesting (to them) results if they searched on "gay porn" but I wasn't about to provide that level of customer service.

Eventually, that company implemented a content filter. It was sort of a sport for me to circumvent the filter. For example, you couldn't go to www.playboy.com but you could go to playboy.com's IP address without trouble. I speak enough Spanish to bumble around web sites written in it, and interest in porn is universal, so foreign-language sites were another way. Then, there were also any number of web proxies such as Babelfish and the Encheferizer which provided the content but appeared to come from someplace not banned.

One of the other techs got mad at the filter one day. It wouldn't let him go to a Star Trek fan site, and he was a Trekker of the first degree. We asked him what the message was. He said it was banned because it was "cult related", and got his rant on. Another tech stopped him and said, "Look at yourself, man! Do you think maybe that's why they have Star Trek listed as a cult?"

Now I am a system administrator at a different place. For the most part, I don't care what the client machines do. NNTP and some IM systems are blocked at the firewall, but if IM interferes with work then that's a personnel problem not a technical one. If I see stuff like Bonzi Buddy or Gator, though, I usually uninstall it. Mostly I'm just happy if the antivirus and OS patches are updated regularly, though.
 
Posted by Lex (Member # 835) on March 25, 2003, 13:11:
 
Yes, you can have the Administrator password for all the highschool NT domains. Yes, you can have the master keycard to the school to get into any room you want at any time. No, you may not have the web filter bypass password for such unimportant things as downloading Winzip or other utilities. Very silly. Not that it stopped me, of course, but it doesn't hurt to ask first. Generally.
 
Posted by ilovemydualg4 (Member # 1234) on March 25, 2003, 16:25:
 
quote:
Originally posted by Lex:
Yes, you can have the Administrator password for all the highschool NT domains. Yes, you can have the master keycard to the school to get into any room you want at any time. No, you may not have the web filter bypass password for such unimportant things as downloading Winzip or other utilities. Very silly. Not that it stopped me, of course, but it doesn't hurt to ask first. Generally.

Hmmm
The idiot librarian wrote the "Foolproof security" password on a sticky on one of the library computers...
There are actually two proxies at our school, an old one, and a new one. The old one is a tad slower, but the new one has a filter on it, the old one doesn't [Smile]
Of course, the new software also has problems sometimes staying online, while the old one is pretty much failsafe.
hmmm... not too hard.... internet options -> connections ->advanced ->change 10.1.0.1:8080 to 10.2.1.1:80
done [Smile]

I have winzip installed in my network folder, and it can run off of it [Smile]
I also have the fully contained QT6 installer, since most of them have 2.5, and that of course, will never do for power point presentations [Smile]
 
Posted by Steen (Member # 170) on March 25, 2003, 17:42:
 
Me - "Hello [IS Helpdesk Type Person's name]. You seem to have misconfigured our web proxy this morning and blocked our access to secure web sites"

IS - "That's intentional. We don't see the need for any of the employees to access secure websites"

Me - "Our company website has secure sections that we have to access in order to actually answer customer's questions."

IS - "Oh. We'll umm... have to look into that."


(sidenote: this was the same IS person who emailed someone to tell them that their login password had been reset)
 
Posted by greycat (Member # 945) on March 26, 2003, 06:29:
 
A few years ago, I was a consultant for a company here in Cleveland, which no longer exists. They had a phone number (and a fax number) which began with 765-****.

While at one of the client sites, I had to fax some information back to the consulting company's office. This required using the client's fax machine. I asked the local personnel how to go about doing this, and they were happy enough to show me how. I had to dial "9", then the phone number. Standard enough, right?

It didn't work.

It turns out that their fax machine was on a telecom system which blocked any phone numbers that started with "976", because that prefix is frequently used by pay-by-the-minute phone sex organizations. But the filter was in the wrong place -- it caught the number before the leading "9" (to reach an outside line) was stripped off. When I dialed "9-765-****", the leading "976" tripped the filter, and the call was disallowed.

Yeah, this isn't really a network policy ("usage rule") issue; it's simply a blunder. But I thought it was funny. [Wink]
 
Posted by GameMaster (Member # 1173) on March 26, 2003, 11:47:
 
A big blunder... that would also mean that they didn't block the desired numbers.

Using Novell software, in highschool, they keeped people from accessing programs by not allowing people access to file explorer and taking everything except office and Netscape out of the start menu... Well it didn't take long for the students to open word, hit file->open and then navigate to the program and run it... It did keep the TEACHERS from using programs though, because most of them weren't exsactly with it. I just used the "Run..." dialog because I knew the paths to solitare and winmine.... [Razz] Anywho... Such tight security, eh?
 
Posted by Lex (Member # 835) on March 26, 2003, 13:38:
 
There is/was a program called Full Armor that is supposed to prevent access to unauthorized programs and files and that sort of thing. It would even do things like encrypt the partition table or something and install a custom bootloader or something to decrypt it at boot. Only problem is that you could run nearly any program you wanted by inserting the program into a wordpad document as an OLE thingy. So, using just a basic wordprocessor, I could run the included uninstall program (normally protected in the same way as everything else) to quickly remove it. When I demonstrated this to my computer lab teacher, I didn't have to do any work for that class at all except troubleshoot.
 
Posted by ilovemydualg4 (Member # 1234) on March 26, 2003, 17:06:
 
at school they use foolproof
http://www.smartstuff.com/fps/fpswin95.html
It's not that hard to get past, until you boot up to dos, (f8) and delete the C:/SSS folder
[Smile]
I don't need to bother though, seeing as teachers have let their passwords slip to me (they've told them to me straight out [Smile] )
 
Posted by Robb [treborus] (Member # 2003) on March 26, 2003, 17:18:
 
quote:
Originally posted by Lex:
Only problem is that you could run nearly any program you wanted by inserting the program into a wordpad document as an OLE thingy. So, using just a basic wordprocessor, I could run the included uninstall program (normally protected in the same way as everything else) to quickly remove it. When I demonstrated this to my computer lab teacher, I didn't have to do any work for that class at all except troubleshoot.

Don't you just love how secure windows is? [Roll Eyes]
 
Posted by ilovemydualg4 (Member # 1234) on March 26, 2003, 18:23:
 
Just the other day playing arround with net view, we found a computer named "i_like_cheeze" hehe
 
Posted by AnyoneEB (Member # 1456) on March 28, 2003, 21:45:
 
Windows is secure enough... if you're using a multi-user version. My school has Windows 95 & 98 on all the computers, both OS's are single-user OS's that have no idea of access rights, so you can access anything. FoolProof doesn't stop much because the system is not designed for something like that to work. If you want something secure use 2k/XP, password is easy to change with a boot disk, but someone would probably notice a boot disk and a changed password, they won't notice you hitting [Logo]+[R] and running Minesweeper and minimising it when the teacher is looking.
 


© 2018 Geek Culture

Powered by Infopop Corporation
UBB.classicTM 6.4.0