And in those nine years you claim to have had at least one major security incident. It beggars my belief.... You now publicly declare that your company not just advocates the sharing of passwords, but certainly encourages it, if not make it compulsory. If you were to have another security incident you would probably be hard pressed to be able to point the finger at anyone, especially as your lax security procedures are now public knowledge.
Troll?
Sorry for top posting
Sent from my HTC Smartphone
----- Reply message ----- From: "Rudi Ahlers" Rudi@SoftDux.com Date: Thu, Jan 20, 2011 17:44 Subject: [CentOS] How to disable screen locking system-wide? To: "CentOS mailing list" centos@centos.org
On Thu, Jan 20, 2011 at 6:29 PM, Giles Coochey giles@coochey.net wrote:
On 20/01/2011 17:11, Rudi Ahlers wrote:
The message I'm trying to bring across is that users in the company shouldn't have passwords which admin doesn't know, or can't access. The PC's and data, well at least in our company, is the property of the company. Making it more difficult for an engineer to gain access to a user's PC automatically arises suspicion
Hi Rudi,
Your stance on this is counter-intuitive to me, are you able to cite any good reference which recommends that administrators know user passwords?
--
No, I can't. But I've been running a hosting & development company for 9 years now and this is the first problem I get out of the way right on the first day of an employees job.
I'm personally involved in the accounts department (when I actually get time) since I want to know what goes on in my company. I also work close with the developers when needed. We trust everyone in the office, and being it an open-plan office, it's easy to see if someone is at someone else's desk when they're not supposed to be. Staff logoff and shutdown every night, so that's not an issue.
But, it is a big issue when a staff member goes on leave, or even just on lunch and switch-off their cellphones and I can't get hold of them to get a password to login to a PC if I need to. The account PC, for that matter is encrypted, with no network access so one needs to be in front if it to access the data.
User accounts also doesn't mean much to me. I know how it sounds, but I care more about the data than the user's account. As long as I can access whatever I want, whenever I want.
Giles Coochey wrote:
And in those nine years you claim to have had at least one major security incident. It beggars my belief.... From: "Rudi Ahlers" Rudi@SoftDux.com On Thu, Jan 20, 2011 at 6:29 PM, Giles Coochey giles@coochey.net wrote:
On 20/01/2011 17:11, Rudi Ahlers wrote:
<snip>
I'm personally involved in the accounts department (when I actually get time) since I want to know what goes on in my company. I also work close with the developers when needed. We trust everyone in the office, and being it an open-plan office, it's easy to see if someone is at someone else's desk when they're not supposed to be.
<snip> Another reason I'd only work for you if I had no other options: I've worked in a pretty-much "open plan" office, and *LOATHE* it. Not only *zero* privacy, but *far* too much noise and distraction to concentrate.
I remember working at the Scummy Mortgage Co (name available upon request) many years ago, with five desks, and the sr programmer and the analyst on the phone 60% or 70% of the time. I had a tape player, to listen to some training tapes; when I'd finished them, I put in some music. My boss came by, asked if I was done the training, and I told him I had music on, to make it easier to concentrate and increase my productivity. He told me to take them off and increase my productivity.
Open-plan office, *crap*. Do the managers or execs work in them, too?
mark
On Thu, Jan 20, 2011 at 12:45 PM, Giles Coochey giles@coochey.net wrote:
And in those nine years you claim to have had at least one major security incident. It beggars my belief.... You now publicly declare that your company not just advocates the sharing of passwords, but certainly encourages it, if not make it compulsory. If you were to have another security incident you would probably be hard pressed to be able to point the finger at anyone, especially as your lax security procedures are now public knowledge.
Troll?
I don't think that he's a troll; he's posted many times here in the past. He's probably never worked in a properly-structured environment and he'll change his mind the day that some servers are killed, intentionally or not, and admins'll point fingers at each other because everyone can logon as everyone else.
-
Giles Coochey -
m.roth@5-cent.us -
Tom H