Ask Lemmy
A Fediverse community for open-ended, thought provoking questions
Please don't post about US Politics. If you need to do this, try !politicaldiscussion@lemmy.world
Rules: (interactive)
1) Be nice and; have fun
Doxxing, trolling, sealioning, racism, and toxicity are not welcomed in AskLemmy. Remember what your mother said: if you can't say something nice, don't say anything at all. In addition, the site-wide Lemmy.world terms of service also apply here. Please familiarize yourself with them
2) All posts must end with a '?'
This is sort of like Jeopardy. Please phrase all post titles in the form of a proper question ending with ?
3) No spam
Please do not flood the community with nonsense. Actual suspected spammers will be banned on site. No astroturfing.
4) NSFW is okay, within reason
Just remember to tag posts with either a content warning or a [NSFW] tag. Overtly sexual posts are not allowed, please direct them to either !asklemmyafterdark@lemmy.world or !asklemmynsfw@lemmynsfw.com.
NSFW comments should be restricted to posts tagged [NSFW].
5) This is not a support community.
It is not a place for 'how do I?', type questions.
If you have any questions regarding the site itself or would like to report a community, please direct them to Lemmy.world Support or email info@lemmy.world. For other questions check our partnered communities list, or use the search function.
Reminder: The terms of service apply here too.
Partnered Communities:
Logo design credit goes to: tubbadu
view the rest of the comments
We have a largeish number of systems that IT declared catheorically could not connect directly to the Internet for any reason.
So guess what systems weren't getting updates. Also guess what systems got overwhelmed by ransomware that hit what would have been a patched vulnerability, that came through someone's laptop that was allowed to connect to the Internet.
My department was fine, because we broke the rules to get updates.
So did network team admit the flaw in their strategy? No, they declared a USB key must have been the culprit and they literally went into every room and confiscated all USB keys and threw them away, with quarterly audits to make sure no USB keys appear. The systems are still not being updated and laptops with Internet connection are still indirectly bridging them.
Wait, why don't they use patch management software? If they allow computers with Internet access to connect to them, why not a patch management server?
They do. In fact they mandate IT assets to have three competing patch management software on them. They mandate disabling any auto updates because they have to vet them first. My official laptop hasn't been pushed an update in 8 months.
Do y'all need a consultant? That is so bad it's a non starter.
Ironically, we actually have a Segment of our business that provides IT for other companies, and they do a decent job, but they aren't allowed to manage our own IT. Best guess is that they are too expensive to waste on our own IT needs. If an IT staffember accidentally shows competence, they are probably moved to the billable group.
The irony..
Also, I keep a "rogue" laptop to self administrate along with my official it laptop to show I am in compliance. Updates are disabled and are only allowed to be fine y by IT. I just checked and they haven't pushed any updates for about 8 months.