I bypassed my jobs security restrictions...



  • Occasionally I get bored at work such as on Sundays where I do my studies of informational technology I'm pretty interested in security and also command prompt and basically how computers function. Where i can look at the networks and configurations of a real office environment even though a lot of things are blocked off (not much security except being controlled by remote desktop permissions in control panal) , I used my knowledge to bypass these things and learn about the way the network structure works (they blocked the network map) which is very interesting to me considering it is a private A-class IP so took interest in what I can see within my companies network like the forestroot.local (Host). Today I accessed the control panel and found som, and found there's 5 primary DHCPs/sites it changes between) i found interesting ways to get around some of the administrator restrictions functions they missed to block(i decided to optimize thin-cliant for performance, seems to made a difference), which I assume they cant simply block because its local settings but it give viewing rights even in security logs, (so many different users on these logs). I'm curious if a administrator finds my logs of the different accesses I've been through. Am I risking termination or is a curious mind good for their security, recently we upgraded our systems to Windows 10 and I was the one to be the bug tester and work with IT on everything.
    I'm not sure if I should report it because I like using the situation to learn. I am curious if by doing this will the informational technology department find theses actions serious if it's a situation of look but don't touch?

    I am currently studying for my A+ certification working out of a call center and using my job's not busy days for learning.

    Questions comments concerns are welcome.



  • @ls_tech said in I bypassed my jobs security restrictions...:

    I'm curious if a administrator finds my logs of the different accesses I've been through. Am I risking termination or is a curious mind good for their security

    I would think it depends on the company policy. What's the employee handbook say?

    As for mentioning potential security holes in your company's IT systems and infrastructure, I'd certainly want to know if I were in a position to care.



  • @ls_tech said in I bypassed my jobs security restrictions...:

    I'm curious if a administrator finds my logs of the different accesses I've been through. Am I risking termination or is a curious mind good for their security

    I would think both. Consider this: You find a flaw and report it promptly. You're then terminated for the action taken to find the flaw. Is that a place where you'd truly like to work? This assumed the flaw you found is legit, and not a created flaw to try to cover why you're breaking into things for which you aren't authorized.



  • @ls_tech said in I bypassed my jobs security restrictions...:

    I'm not sure if I should report it because I like using the situation to learn.

    I would. Like @Obsolesce said, if your company cares about IT, then the people in charge will want to know.



  • @EddieJennings @Obsolesce

    I did think about the termination part of if I did report it would I have to worry about such, personally I've had the responsibility to find bugs with the new windows 10 so I think either way I can swing it up to. "I was checking the security"
    I mean its easy enough to make a batch to

    Echo
    Start cmd

    They have it right with R+WindowsKey blocking CMD though...

    As for reporting. .. Well I work as a contractor on behalf of the call center but am considered as employment with my (ompany(A) for company(B) who we connect through a VPN with... i checked the DHCP by internet and it links to company(B). They had it backed by a username and password and by continuing farther I would be subject for monitoring. So left that... Now for my local machine all of our IT department is in Philippines. I'll see what i can do by email to inform them.



  • Turns out we have a helpdesk feature in our tools so should be pretty easy.



  • @ls_tech said in I bypassed my jobs security restrictions...:

    I used my knowledge to bypass these things and learn about the way the network structure works (they blocked the network map) which is very interesting to me considering it is a private A-class IP so took interest in what I can see within my companies network like the forestroot.local (Host). Today I accessed the control panel and found som, and found there's 5 primary DHCPs/sites it changes between) i found interesting ways to get around some of the administrator restrictions functions they missed to block(i decided to optimize thin-cliant for performance, seems to made a difference), which I assume they cant simply block because its local settings but it give viewing rights even in security logs, (so many different users on these logs). I'm curious if a administrator finds my logs of the different accesses I've been through. Am I risking termination or is a curious mind good for their security, recently we upgraded our systems to Windows 10 and I was the one to be the bug tester and work with IT on everything.

    Did you really bypass anything? Other than seeing DHCP servers, which is easily done by checking your ipconfig. What have you actually done?

    I'll be honest, if I'm IT and somebody comes rambling to me like this, I'm just going to ignore it.

    I do think it's awesome how you are trying to learn how things work, and it does seem like you have some knowledge. However, I think you have more studying and learning to do before you think about breaching networks and reporting security issues.

    Everyone has to start somewhere and you seem to be learning fairly quickly for Helpdesk. Just keep your head down and keep learning, you'll be there soon.



  • Man, if you can bypass the helpdesk, I'd definitely do it. Short of leaving that company for another, it's often hard to get off the helpdesk.

    If you're good at it - i.e. people love you for whatever reason, the department won't want to let you go, if you suck, the other departments won't want you, good ol' catch 22.



  • @IRJ
    No id dont think i bypassed anything , i just work at a callcenter and have no IT or helpdesk job i work w a electrical. i get what you mean, im not able to change or see anything major besides whats been discovered, id like to keep the job and say nothing...

    Funny thing i accually tried to use the situation to send to the IT department and see if they could get me a job over, turns out only SUP can talk with IT departments and the emails i tried to send off too are old. i was excited to use it in a positive way. Yeah ill just learn at the job and not take a risk of termination by telling/



  • @ls_tech said in I bypassed my jobs security restrictions...:

    Am I risking termination or is a curious mind good for their security, recently we upgraded our systems to Windows 10 and I was the one to be the bug tester and work with IT on everything.

    Working around a block is generally grounds for termination. Using something that isn't blocked and not forbidden isn't a problem. The question would be, which did you do?



  • @Obsolesce said in I bypassed my jobs security restrictions...:

    I would think it depends on the company policy. What's the employee handbook say?

    This is pretty key. Was a rule broken, or wasn't it.



  • @ls_tech said in I bypassed my jobs security restrictions...:

    I'm not sure if I should report it because I like using the situation to learn.

    This all comes down to your company's politics. Most companies care about politics over anything, and so have little interest in security and never want someone showing them when something is wrong.

    But all good companies that care about business, rather than politics, will want to know and have processes to protect someone from trying to fire you to hide their own incompetence.

    But good companies are rare, bad companies are common. You need to know where you are working to know what your risk is.



  • @ls_tech said in I bypassed my jobs security restrictions...:

    Funny thing i accually tried to use the situation to send to the IT department and see if they could get me a job over, turns out only SUP can talk with IT departments and the emails i tried to send off too are old. i was excited to use it in a positive way. Yeah ill just learn at the job and not take a risk of termination by telling/

    From what you said elsewhere, IT may be all offshore which would imply that, unless you want to take a paycut and move to the Pacific Ocean, there's no IT option for you. When a company of any size outsourcings and/or offshores a department, that will normally cut off any path you have at joining that department from the US, at least not as a very senior resource.

    We face a similar problem. We aren't in Asia, but are in LATAM. If you were working for me in the US, and this chain of events unfolded, and IT was your dream, and we were impressed with your work.... you'd still face a "so, you want to move to LATAM?" question before you could consider a position on our IT team.

    Sadly, it's most likely, if this is how your company is, that it likely doesn't present a path into IT for you in you are in the US. But that's okay, it's a great job for studying IT and learning and getting ready for that IT job somewhere else.

    Also, I highly recommend less time on the A+. Read the book, learn the material, but do it quickly and skip the exam. Go right to the Network+. Any job that cares about the A+ isn't a real or good IT job and will just hold you back long term. A+ is an exam for bench, not IT. Loads of crappy IT shops expect it, but is a crappy shop what you want? Probably not. Go for the IT exam instead and move directly into an IT job. Slightly harder to get your foot in the first door, but a much faster ladder to climb.