Internet slows down the computers (2)
Posted by OinkyConfidence@reddit | talesfromtechsupport
After reading Internet slows down the computer, I was reminded of two times over the years where businesses thought they knew best. It's always interesting to know (or wonder) how people think.
First: We took over IT support at a small regional bank around 2005. Three locations. Upon onboarding assessment, we discovered their HQ location had two data drops at each station. Not too unusual on the surface; one was connected to the PC's onboard NIC while the other was connected to the PC's add-in NIC. OK then, I assumed one NIC went to their main/production network while the other must surely connect to a different network or VLAN, maybe for their bank core processing or something. Until I dug deeper and found out they didn't; all NICs connected to the same set of switches. Alright; surely they have some VLANs in place, separating things out? No, no they don't; it's all VLAN1, everywhere.
I asked and finally talked to someone who was around when they built the building in the 90's. Whichever IT contractor they worked with at the time told them they'd be more secure if they had a separate NIC in each PC for Internet access. They thought they were accomplishing this by plugging a separate NIC into the same switch & VLAN. How or why they assumed this I never found out, but thus began the process of disconnecting all the second, redundant network connections!
Second: It's 2015 now and I was called to perform some upgrades at a small company involved in the farming sector. 10 PCs or so. Went there to assess what needed to be upgraded (as the customer said they have old PCs and need new ones but aren't sure what). I look around and ask basic questions, like what line of business apps do they have, what they have for Internet service, etc., and as I ask the Internet question my contact shows me "Oh, we plug this in when we need to get online" - and he grabs a second Ethernet cable at his desk connected to a (currently disconnected) USB NIC. That network cable was plugged into their standalone cable modem in the basement (you know the one, with 4 LAN ports).
I asked, "Does everyone have one of these?" "Not everyone, just the three of us," I was told. As it turns out, this small, family-owned company was run by a very sweet (but very old) lady, who was so scared of Internet access she insisted people plug in when they need to get online, do their thing, then unplug it. And forget about Wi-Fi! After some gentle discussion with her, I was able to convince them to include a proper firewall in the scope of their upgrades and thus eliminated the need for them to have to plug in manually every time they wanted to get online.
Chocolate_Bourbon@reddit
I supported financial and banking apps for a series of clients 20 years ago. I had two clients that stood out to me.
The first required that all approvals for changes to permissions/profiles/etc. be sent to them via fax. Their head of related security not only was not an admin for our apps, but had no access to any of them. He had never logged in once. They said that he couldn't be bothered with all that nonsense and would approve requests as part of his normal paperwork.
The second refused to use email, refused to use the internet, and required everything be sent to them via postal mail or by fax. They sent all change orders and requests to us the same way. They said that this would enhance their security and help them fight the criminals.
In both cases these practices made the client less secure. The first client was surprised to learn that we were not verifying signatures. They assumed we compared the signature of their head of security to one we had on file. They complained that this made it possible for any of their employees to submit a request for access, intercept the fax back to them, sign it, and then fax it back to us. Given their arrangement, it's likely no one at the bank would ever know that happened. Which was our fault since we were not using proper security.
The second client was less responsive to potential fraud, since they couldn't modify their settings on the fly like the rest of our clients. If I remember correctly they became the victim of significant exposure at one point. Which was our fault since our "internet apps" didn't stop it in time.
I never was able to convince either to change. I wish I had written down the names of those two banks, as I wonder if either could still be in business today.
OinkyConfidence@reddit (OP)
Unreal the level of dysfunction at some of these organizations!
Chocolate_Bourbon@reddit
Capitalism supposedly means all parties involved are acting in their own best interest. I learned long ago that is quite often not true. Stupidity can defeat any opponent.
Echohawkdown@reddit
Own best interest includes non-monetary interests, like not being bothered on the weekends when prod is on fire, network is down, backups are found to be corrupted, etc.
georgiomoorlord@reddit
I mean, she's not wrong.. the most secure networks aren't even on the internet.
Tatermen@reddit
I think it was the first chapter of the Windows NT 3.5 server manual that stated that for a fully secure installation, you should never connect it to a network.
It wasn't wrong, but sort of defeats the purpose of a server.
chroniclesoffire@reddit
https://www.eviscerati.org/comics/hd/2001/10/security/
OinkyConfidence@reddit (OP)
True enough!
davethecompguy@reddit
That's the lady that invented air-gapped computers!
standish_@reddit
The most secure network is no network, which is what I told the board after they asked why I had deleted all our routing tables.
Those ID-10Ts didn't agree, of course...
Overall-Tailor8949@reddit
I'm surprised the add-in NICs weren't using coax LOL
MISProf@reddit
A former student of mine called me at work one day. He was helping upgrade a network at his new job and found an old token ring network still in place.
wanderingpeddlar@reddit
Thick net?
Overall-Tailor8949@reddit
In the 1990's I was working in a computer store on Long Island and everything was Cat2 coax, except for a few Amigas that were connected using Parnet through the printer ports. Our internet access was via a shared USR Courier V.everything modem (yes, shared 56k dialup) attached to an NT 4.0 (upgraded from 3.51) workstation that worked as our "server".
After 2000, I worked at a TV station that still had multiple dumb terminals running the newsroom system, I THINK those were also Cat2 connections. We also had an IBM mini computer for sales and traffic that used Twinax to talk to the terminals connected to it.
NobleWolf1@reddit
They were definitely air-gapped.
TinyNiceWolf@reddit
Yes, and some of the air-gapping was between the left ear and the right ear.