Burned by Eschewing Best Practices
-
@DustinB3403 said in Burned by Eschewing Best Practices:
I'm sure this has been discussed before, but don't store user passwords, don't request them, don't mandate users tell them, and don't set them to something and never allow them to be changed.
If as a domain administrator you need to get into a user profile to "have access" use your administrative credentials.
That thread makes me think that after all is said and done, bad management + spineless IT guy = they will keep on having that master list of passwords.
-
@RojoLoco Yeah I figure as much, which this will just open a "he said she said" issue if something with legal ramifications occurs.
-
Um... why is this a question again? Decision: To stay physical or move to vitual
-
I had a client that maintained a password list for every employee once. I showed the boss how this was completely unnecessary, she didn't change.
-
That question reminds me of a post yesterday or so about a PCI auditor claiming to need that same info... WTF?
-
@DustinB3403 said in Burned by Eschewing Best Practices:
Um... why is this a question again? Decision: To stay physical or move to vitual
Posts like that make me think SW makes their staff create puppet accounts to post such nonsense so they will have something to feature, because apparently they have been scrambling for feature worthy posts lately.
-
I like the first line of the post... "I didn't find much searching..." I call BS... lol
-
@brianlittlejohn said in Burned by Eschewing Best Practices:
I like the first line of the post... "I didn't find much searching..." I call BS... lol
LOL. There is a lot of that.
-
@brianlittlejohn said in Burned by Eschewing Best Practices:
I like the first line of the post... "I didn't find much searching..." I call BS... lol
If they only tried the search available on the site rather than a Google site search, I might not outright laugh at them, only on the inside.
-
@Dashrender said in Burned by Eschewing Best Practices:
I had a client that maintained a password list for every employee once. I showed the boss how this was completely unnecessary, she didn't change.
At my last position they wouldn't let me enforce password complexity because there was a password list the managers wanted to keep to.
-
Keeping systems and data around for extremely long periods of time leads to major issues. Like having to keep all records available..
"As long as records are retained, they are legally discoverable, regardless whether their retention period has expired." - from the American Bar Association.
-
@DustinB3403 said in Burned by Eschewing Best Practices:
Keeping systems and data around for extremely long periods of time leads to major issues. Like having to keep all records available..
"As long as records are retained, they are legally discoverable, regardless whether their retention period has expired." - from the American Bar Association.
yeah, people just don't get that until they get burned by it. We have people who have email that goes back 20 years... it's just crazy to me.
But when my boss goes and digs out some email from 5+ years ago.. she loves to come and say.. See I needed this thing from 5+ years ago, it's a good thing I kept it.
-
@Dashrender said in Burned by Eschewing Best Practices:
@DustinB3403 said in Burned by Eschewing Best Practices:
Keeping systems and data around for extremely long periods of time leads to major issues. Like having to keep all records available..
"As long as records are retained, they are legally discoverable, regardless whether their retention period has expired." - from the American Bar Association.
yeah, people just don't get that until they get burned by it. We have people who have email that goes back 20 years... it's just crazy to me.
But when my boss goes and digs out some email from 5+ years ago.. she loves to come and say.. See I needed this thing from 5+ years ago, it's a good thing I kept it.
Exactly, but the thing that immediately comes in in court is "oh hey you have evidence that shows favor in this light etc, give us everything from then?"
-
@Dashrender said in Burned by Eschewing Best Practices:
But when my boss goes and digs out some email from 5+ years ago.. she loves to come and say.. See I needed this thing from 5+ years ago, it's a good thing I kept it.
And you should properly respond "We got lucky that no one did a legal discovery, too." Remind her, every time, that she's "gotten lucky" from being risky. It's not just that keeping data makes you vulnerable, it also means that you HAVE to keep all data. You can't pick and choose what gets kept. It's all or nothing.
-
@DustinB3403 said in Burned by Eschewing Best Practices:
@Dashrender said in Burned by Eschewing Best Practices:
@DustinB3403 said in Burned by Eschewing Best Practices:
Keeping systems and data around for extremely long periods of time leads to major issues. Like having to keep all records available..
"As long as records are retained, they are legally discoverable, regardless whether their retention period has expired." - from the American Bar Association.
yeah, people just don't get that until they get burned by it. We have people who have email that goes back 20 years... it's just crazy to me.
But when my boss goes and digs out some email from 5+ years ago.. she loves to come and say.. See I needed this thing from 5+ years ago, it's a good thing I kept it.
Exactly, but the thing that immediately comes in in court is "oh hey you have evidence that shows favor in this light etc, give us everything from then?"
ANd it has to be EVERYTHING from then. If only some of it is kept, you are the one in trouble to come up with it.
-
https://community.spiceworks.com/topic/1867511-ibm-blade-center-s-recovery-of-raid-10
Ran a blade, no backups.
And then instead of learning from his mistakes, starts making more.
-
This guy is learning, but it bit him having his vendor provide his OS install..
-
Used RAID 5, lost everything.
-
-
Yeah. And not only did he lose everything on RAID 5, but it was on an MSA (the MSA didn't fail, but seriously people, who is buying this stuff) and then practically everyone in the thread including the OP and the main person responding, literally don't know what RAID 5, have no idea that it is bad or know how it works. At least the OP and the main person are unclear and can't be convinced that two lost drives on RAID 5 means that the data is lost!
