IT/Physical Security

A Former User

@Nic said:

That button would make for an epic rage-quit.

I know right. It's a felony offense to push them already. It does currently allow drawers to be opened without manager approval for employee safety and call the police.

dafyre

@thecreativeone91 If they have physical access to your system, you can never be 100% sure of anything. I know of tools that will allow you to boot a computer from USB or CD or $otherstoragemedia and log in with any username and password you want. It works both with Windows and Linux.

MattSpeller

I still don't understand wtf they would be doing messing with the registers when they could be taking the cash. If they wanted user data, shit, it's available by the gigabyte on forums for pennies. Usually WITH credit card info. I'd watch the cams carefully and see if they were just idiots trying to get the drawer to eject.

None of this adds up for me.

I think your security setup sounds kick ass.

A Former User

@dafyre said:

@thecreativeone91 If they have physical access to your system, you can never be 100% sure of anything. I know of tools that will allow you to boot a computer from USB or CD or $otherstoragemedia and log in with any username and password you want. It works both with Windows and Linux.

They couldn't boot to another media on these easily. It's blocked. And they don't have CD rom Drives. USB ports are disabled.

A Former User

@MattSpeller said:

I still don't understand wtf they would be doing messing with the registers when they could be taking the cash. If they wanted user data, shit, it's available by the gigabyte on forums for pennies. Usually WITH credit card info. I'd watch the cams carefully and see if they were just idiots trying to get the drawer to eject.

I suppose it's possible. The current system still requires you to hit the "open cash" button even once it's pushed but will do so without a transaction or manager override.

They were also trying to use a USB drive (but couldn't). And also figure out (probally by chance) how to close the Linux GUI and get to terminal. where they typed some random stuff much of which did nothing aside from a few pings.

A Former User

Now we get to explain to them why we don't need the other stuff happing. Management really wants the sites somehow disconnected when the buttons are pushed.

scottalanmiller

you can do that from the central site.

A Former User

@scottalanmiller said:

you can do that from the central site.

Yeah we do currently if we need to, just not automated.

JaredBusch

It really seems like they are simply throwing money away fighting a nearly non-existent threat. Wiping a router? Really?

When you take security to such a level that it becomes intrusive to getting work done, you are intentionally trying to drive your business under.

scottalanmiller

@JaredBusch said:

When you take security to such a level that it becomes intrusive to getting work done, you are intentionally trying to drive your business under.

Exactly. Who is the bigger thread, the "hackers" who failed of the managers doing tangible damage?

A Former User

@JaredBusch said:

It really seems like they are simply throwing money away fighting a nearly non-existent threat. Wiping a router? Really?

When you take security to such a level that it becomes intrusive to getting work done, you are intentionally trying to drive your business under.

I agree. Though I kinda understand their reasons behind wanting to do it. But it's not like we have on site IT to reload the configs so we'd have to hire an MSP or in some locations we have analog lines with modems for terminal server (as in console terminal, not windows). But seems to be a waste of time to me.

I totally get the drawers being unlocked though, it's saved employees lives on multiple occasions.

A Former User

Just got told they were people that worked as IT techs for some company and were heavily intoxicated when the held up the store. haha. I say worked because I'm sure the jail time if nothing else will cost them their jobs.

dafyre

@thecreativeone91 So they actually got caught? That is awesome!

A Former User

@dafyre said:

@thecreativeone91 So they actually got caught? That is awesome!

Yeah. I figured they would.

scottalanmiller

@thecreativeone91 said:

Just got told they were people that worked as IT techs for some company and were heavily intoxicated when the held up the store. haha. I say worked because I'm sure the jail time if nothing else will cost them their jobs.

Few places want to employ IT people, the ones trusted with the keys to the environment, who are involved with armed robbery

A Former User

@scottalanmiller said:

@thecreativeone91 said:

Just got told they were people that worked as IT techs for some company and were heavily intoxicated when the held up the store. haha. I say worked because I'm sure the jail time if nothing else will cost them their jobs.

Few places want to employ IT people, the ones trusted with the keys to the environment, who are involved with armed robbery

One would hope.. But I know a felon who does maintenance & HVAC at the schools, you know around kids?

scottalanmiller

@thecreativeone91 said:

One would hope.. But I know a felon who does maintenance & HVAC at the schools, you know around kids?

Schools rarely care about kids. Kids are not the customers, they generate no money.

Businesses don't want felons handling their finances.

tonyshowoff

The less technical and more dangerous robbers may end up wanting to kill the clerk because the cash register is locked. It's easier and wiser to give them the little cash you have than to try to fight back, after all that's what insurance is for, and insurance for stolen cash is a lot better than insurance due to a lawsuit from a family with a dead relative. I'm not saying don't make things harder or don't protect things which may be taken from the property, but certainly don't put employee lives at risk to save $50.

scottalanmiller

@tonyshowoff said:

The less technical and more dangerous robbers may end up wanting to kill the clerk because the cash register is locked. It's easier and wiser to give them the little cash you have than to try to fight back, after all that's what insurance is for, and insurance for stolen cash is a lot better than insurance due to a lawsuit from a family with a dead relative. I'm not saying don't make things harder or don't protect things which may be taken from the property, but certainly don't put employee lives at risk to save $50.

Plus if the cashiers know how things work, having the cash box lock up will just make them not push the alarm so that they have options to save themselves. Why would a cashier put their life at risk over the cash box? They won't. So instead of protecting things, this pretty much disables ALL protection.

scottalanmiller

And it is more than just logic. Sure, basic logic says they won't press the alarm if it endangers them. But it goes farther. If you have put them unnecessarily at risk and not given them the safeties that a normal business would (call the police secretly!!!) then they have no reason to care that they are being robbed. Might as well assist the robbers as much as possible. If the company doesn't care about their safety, why would they put in any effort at all to protect company assets?