Secure access



  • So, some guy I've never met wearing a coat with a known HVAC company's logo on it, clipboard and the whole nine yards came and asked for access to my data closet.

    Me: why do you need that?
    HVAC guy: I need to get the model and serial number so I can add it to my list.
    Me: Who approved this?
    HVAC guy: I don't know.
    HVAC guy: What's the problem, is there a reason I can't see the equipment?
    Me: yes, I don't let unauthorized people near my data closet.
    HVAC guy: OK I'll let my management know I wasn't granted access.
    Me: Hold on, let me find out who approved it, and if it checks out I'll give you access.
    HVAC guy: waits

    I found that the situation was approved and gave the guy access.

    The thing that blows my mind is that it appears that this guy has never had his credentials cleared before - as if he should just have instant access to anywhere he wants to go. Sadly I know this is super common in most places. I could get my hands on a vendor shirt and just pillage a place blind.



  • Social engineering is a powerful thing.



  • @Dashrender said in Secure access:

    The thing that blows my mind is that it appears that this guy has never had his credentials cleared before - as if he should just have instant access to anywhere he wants to go. Sadly I know this is super common in most places. I could get my hands on a vendor shirt and just pillage a place blind.

    Super common.



  • Yup, I'd say this would be the most common case. Basically I'd not be surprised either way. Totally understandable that he would have run into that before, but very common not to have.



  • @scottalanmiller said in Secure access:

    Yup, I'd say this would be the most common case. Basically I'd not be surprised either way. Totally understandable that he would have run into that before, but very common not to have.

    yeah, I realized I felt the same way as I was writing the post, but posted it anyhow.


Log in to reply