Yeah, just try it...
Oct. 15th, 2003 04:11 pm

So today we have two mega-VIPs visiting us, from a rather huge (global) cellphone company. They're doing what's called 'due diligence', where they poke and prod and audit everything they can get their over-eager hands on, to make sure everything in our contract is as we present it. I knew they were going to want internet access when they were here and I knew they were going to be really persnickety about security. My boss failed to believe me, thinking we could just plug them into our corporate LAN and be done with it.
Ready for this, I'd previously set up both a wireless and a wired "customer DMZ". One of the VIPs asked for wireless access, and I happily gave him an 8-hour password. He logged in and started to surf the web -- causing the captive portal to ask him for name and password before allowing him to use our internet link. Perfect. The other had no wireless card and asked for a port to plug into. We cabled him to the ports in the conference room, and he was able to get online right away. Neither really had to do any configuration.
Both of them then proceeded to blatantly run scanning tools. Evil scanning tools. Yup, this wasn't access -- this was an audit. The DMZ functioned perfectly and they didn't find squat except a clean path to the Internet. They nodded, smiled, thanked me for the hook-up and jotted down a few notes.
If we'd let them just link to the LAN they would have found all kinds of things. I know the particular evil of the tools they were using. While they wouldn't have been able to do anything to our servers they could have done a lot to suss our infrastructure which would be quite an ugly mark on a security audit.
The urge to do a huge "I told you so" dance (with all the stomping and wrecking of nearby objects involved) in front of my boss is incredible. I'll behave, though. :)
no subject
Date: 2003-10-15 04:19 pm (UTC)

no subject
Date: 2003-10-15 04:34 pm (UTC)
(Here, have one of those huge 1st grader pencils)

no subject
Date: 2003-10-15 05:04 pm (UTC)

no subject
Date: 2003-10-15 05:32 pm (UTC)
But if this was an audit - would they not have asked to see your internal LAN anyway, after they found they could not access it?

no subject
Date: 2003-10-15 06:12 pm (UTC)

no subject
Date: 2003-10-15 06:35 pm (UTC)

no subject
Date: 2003-10-15 07:54 pm (UTC)

no subject
Date: 2003-10-15 08:30 pm (UTC)

no subject
Date: 2003-10-16 05:51 am (UTC)

no subject
Date: 2003-10-16 06:29 am (UTC)

no subject
Date: 2003-10-16 09:02 am (UTC)

Once Again...
Date: 2003-10-16 09:55 am (UTC)
The. Man.
Enjoy your superiority. Have a drink. Get down tonight.
-=B.