Holy crap, government 0.1



  • So I work for a certain agency that looks after security for government. There's one internal-only application that we can't expose to the Web because its security looks like swiss cheese. So it's tightly controlled and internal-only.

    There is one user of the application who is going to be away for a week, starting Wednesday. It's his job to approve certain requests made via the app, and he's the only one that knows how to do it. If a mistake is made, lives may be at risk. (Yes, I know that having a single point of failure like that is a WTF on its own)

    So, they didn't think to ask about how he can access it remotely until today. Can we expose it to the Web? Hell no. Can he get access to the VPN? Not in 2 days. Can he come back to the office at lunch breaks (he'll be nearby)? Yes, but that isn't an ideal solution for him.

    After some deliberation, my co-worker had a brilliant idea: to get another employee to take a screenshot of the request, print it off, fax it to the guy, get him to approve it and fill in the necessary data remotely, fax it back, and get an intern (or whatever) to enter it back into the system. All it's missing is a wooden table!

    The funniest thing is, I think that it's probably the best solution to the problem, and is the solution that they're going to use...



  • That sound you heard was a million Chinese fax machines warming up.  You're gonna get hacked dude. 

    What kind of requests does this guy approve?  I hope it's not like "fire the EMP satellite at these coordinates" or "activate HypnoToad broadcast".

    Would probably have better security if you had the intern physically run back and forth between the office and the guy's location.



  • Canadian Government, unionized... Single point of failure makes perfect sense.  It's called job security.  I take it email is totally out of the question?

    What about setting up a "quick" reverse tunnel back into the system?  At my old company, we had really stupid rules for accessing the internet and when our support dept needed to connect to client machines, or vice versa, they would make an ssh tunnel from their computer at work to their home computer and connect through there.

    I'm sure the irony is bittersweet, considering you're the security department :)



  • @rbowes said:

    There is one user of the application who is going to be away for a week

    The real WTF: a government job that breaks on vacation/holiday/whatever when the government are generally the most grossly over-compensated (in time, not necessarily money) for said breaks...



  • Forget about faxing.  Have the intern print it up, hop in his car and then drive it over to the guy.  For security, better have set up a motorcade as well.  Sniper support is also recommended.  You'll have to kill the intern at the end of each delivery, too. 



  • @vt_mruhlin said:

    That sound you heard was a million Chinese fax machines warming up.  You're gonna get hacked dude. 

    What kind of requests does this guy approve?  I hope it's not like "fire the EMP satellite at these coordinates" or "activate HypnoToad broadcast".

    Would probably have better security if you had the intern physically run back and forth between the office and the guy's location.

    I wish! But no, we're provincial, so it's nothing nearly as cool. Mostly just, "Will this bridge collapse if I drive this truck on it?"

    Other solutions like an ssh tunnel wouldn't work very easily, since there's absolutely no way to get between that server and the Internet (except via somebody's workstation, then through the government proxy). As cool as it sounds, and as much as I might do it for my stuff, I don't think that they're going to have the technical know-how to accomplish that.



  • @Outlaw Programmer said:

    Forget about faxing.  Have the intern print it up, hop in his car and then drive it over to the guy.  For security, better have set up a motorcade as well.  Sniper support is also recommended.  You'll have to kill the intern at the end of each delivery, too. 


    Even better. He will have to eat himself. No evidence.



  • @rbowes said:

    So I work for a certain agency that looks after security for government.
    ...
    Can he get access to the VPN? Not in 2 days.


    Now that looks like a WTF! If you need 2 days to set up a VPN for a critical employee, how do you manage government security... actually... nevermind...

    (unless that's one of those enterprisey "must be approved by 10 managers" decisions...) 



  • @viraptor said:

    @rbowes said:

    So I work for a certain agency that looks after security for government.
    ...
    Can he get access to the VPN? Not in 2 days.


    Now that looks like a WTF! If you need 2 days to set up a VPN for a critical employee, how do you manage government security... actually... nevermind...

    (unless that's one of those enterprisey "must be approved by 10 managers" decisions...) 


    Actually it does make sense. Any Canadian military/government person I've known has been through Warcraft, and how the hell these people play Warcraft _all_ _day_ _long_ and do work is amazing. 



  • @Lysis said:

    @viraptor said:

    @rbowes said:

    So I work for a certain agency that looks after security for government.
    ...
    Can he get access to the VPN? Not in 2 days.


    Now that looks like a WTF! If you need 2 days to set up a VPN for a critical employee, how do you manage government security... actually... nevermind...

    (unless that's one of those enterprisey "must be approved by 10 managers" decisions...) 


    Actually it does make sense. Any Canadian military/government person I've known has been through Warcraft, and how the hell these people play Warcraft all day long and do work is amazing. 

    Haha, our network is reasonably locked down, so I'm not sure if they'd be able to play Warcraft without jumping through some loops. That being said, I'd be able to, so who knows?

    In any case, the delay is because a token is required, and ordering/configuring a token takes longer than 2 days.



  • @MasterPlanSoftware said:

    @Outlaw Programmer said:

    Forget about faxing.  Have the intern print it up, hop in his car and then drive it over to the guy.  For security, better have set up a motorcade as well.  Sniper support is also recommended.  You'll have to kill the intern at the end of each delivery, too. 


    Even better. He will have to eat himself. No evidence.


    Is he, by any chance, named "Igli"?



  • I agree that the intern must be destroyed on a per-session basis. 



  • @dhromed said:

    I agree that the intern must be destroyed on a per-session basis. 

    Along with all of his "child processes" 

