Network Security!

Please register or login

Welcome to ScubaBoard, the world's largest scuba diving community. Registration is not required to read the forums, but we encourage you to join. Joining has its benefits and enables you to participate in the discussions.

Benefits of registering include

  • Ability to post and comment on topics and discussions.
  • A Free photo gallery to share your dive photos with the world.
  • You can make this box go away

Joining is quick and easy. Log in or Register now!

jonnythan

jonnythan

Knight Scublar
ScubaBoard Supporter
Messages
10,070
Reaction score
112
Location
Upstate NY
# of dives
200 - 499
I work for the Albany office of a NYS governmental department. Our main office is in NYC.

We're in the middle of a big security push. We're finally getting around to implementing the state's Cyber Security policy.

This weekend, the NYC office is having a consultant come in to physically move a portion of the department from one floor to another.

They have sent out a list of TO DO's to make sure the move goes smoothly.

Peachy so far right?

Well.

Among this list is "Leave your USER ID and password with your computer before leaving on Friday." They have further requested that users leave their *separate* Lotus Notes password as well.


I'll let that sink in a moment.


......



This is a government department that deals with large financial institutions and lots of money. We [including myself and my boss here in Albany] have been doing a fair bit of work and spending a lot of money to secure our network and get into compliance with the Cyber Security guidelines.

It sure as heck makes the work I've done seem totally worthless if we're just going to be handing out every user's password and having people come in to read their email *just to make sure you can still log in after putting the machine somewhere else.*

WTF?! :crying2:
 
Hey, Gartner does that with every update! You know, the company that people pay for IT Advice? Yup, thats their game..

BTW, my Cousin works with the same group as you I believe, in Albany. :)
 
Oh yeah? Who is your cousin?
 
With my company this is a big no,no. Newly hired employees sign our information security policy which states among other items that sharing your passwords is grounds for immediate termination. I would refuse to do as what was requested. In my company if someone logs into a network with another's user ID/password the owner of the password will be held accountable. I would review the new hire paperwork that you signed..chances are they have an information security policy. The incident that you described with our company would be a breech of security and would warrant an investigation by corporate security.....
 
Does seem rather strange, but the network people we have can reset the passwords anytime, so no big deal. Now as for the security issues, doesnt sound such a great idea - maybe you should write them on a piece of paper and then just throw them away (in your own dumpster) - think that would be secure, dont waste time with a shredder either! Do they have to have your passwords to be able to check the system? Cant they make a psuedo-person user ID/password to check each one, that has no access to your important files, but allows them to check you are hooked up to the network? I can use my user ID/password on any machine in our network, cant see why this wouldnt work for your business too.
 
I'm not actually involved in this.. I'm part of the IT team in Albany and this is all in the NYC office. No way I'd ask my users to do this. My boss and I are banging our heads on the wall trying to get them to understand they can't have some consultant logging into everyone's accounts, getting access to all of their email, sensitive files, financial records of tons of companies, etc. I would never ever do this to the users here.
 
Could you please leave your SSN as well for identification purposes?
 
Among this list is "Leave your USER ID and password with your computer before leaving on Friday." They have further requested that users leave their *separate* Lotus Notes password as well.


I'll let that sink in a moment.[/QUOTE]

and they are implementing a [COLOR=DarkRed]SECURITY WHAT?[/COLOR] ???????????

Well, at least they did not ask for your SS as well as your cc eh? bahhhhhhh
Click to expand...
 
I'm glad we don't practice that here, we use our new ID cards to access our systems here, they have a pin code only known by the user......Not allowed by DOD policy to give Login ID or the Password, people who do are dealt with severely.
 
I think I'd be talking to your security folks about a background check on this "consultant".

That ain't right, especially for a "governmental department".

Apparently the New York State government's cyber security policy is to not have any (cyber security, that is). :icosm13:
 
You must log in or register to reply here.

Similar threads

drrich2
Possible attempt to hack account
2
Replies
15
Views
1,474
mrtechbench
M
A
How are you securing your housing while diving
2
Replies
13
Views
636
Jake 10
Jake 10
J
Local diving spots & charters
Replies
0
Views
148
JDubs09
J
BigDaddyGlad
Cove Eco Resort it is! Now, how to get there...
2 3
Replies
28
Views
1,487
Lovebeard
Lovebeard
50BarBill
Help mounting reel+DSMB
Replies
9
Views
871
Nemrod
Nemrod
https://www.shearwater.com/products/perdix-ai/

Back
Top Bottom