Page 20 of 24

Highest level of security

Reading the last dailywtf post brought to mind another old story from my past. I was working for a consulting/VAR company at the time and I’ve had clients ranging from Fortune 500 to small shops with <10 people. This was a really small company with a single “IT guy” that ran everything. Of course problems eventually ensued and we were called in. If I remember correctly, it was a layer 2 loop that took them down. A few hours were spent tracing the spaghetti in the so-called rack which should have given me a hint. After that I proceeded to the assessment of their networks & systems and after a little while I noticed that there were no firewalls or any kind of security on the servers themselves. They were all on public IPs and wide open to the world.  I brought it up with the resident IT expert and asked him if he wasn’t worried about security. He answered that it’s all just a big waste of money and they are perfectly safe since he watches the servers all the time.  I thought I found a great retort and asked what happens at night or when he is not there. His reply was an instant classic. He said that he simply turns everything off when he leaves. There wasn’t much else I could say. You can’t get more secure then that.