The phone rings, and I, being the new guy, am instructed to pick it up. This is allegedly for the purpose of getting me comfortable on the phone, but in my not very objective opinion, evidence points more towards the "let's screw with the fresh meat" mentality. Case in point:
"Hi, I returned a computer a few days ago. I was just calling to make sure that you had deleted all the information on i
Read Full Tale
So I have a friend who works in IT for a local chain of stores. He's still learning the ropes, but he is usually pretty good about asking questions when he's not sure or if what someone is telling him seems a bit... off.
I tend to be the person on the receiving end of these questions. He called me yesterday and explains that he's pretty sure what an outside vendor is trying to get him to do is a bad idea but he wants to confirm it.
This being a multi-store retail establishment, they have two networks. One is a public network with internet access, and the other is secure and connects only to the main office via leased lines for handling all the inventory and transaction processing.
They have an agreement with a 3rd party company which provides a server to handle the back end for a specialist product kiosk that they have in the stores.
The 3rd party company is located many states away and wants to do all their troubleshooting remotely. The problem is the server is located on the secure network since it needs to talk with the payment processing and inventory systems.
Obviously, this means that they cannot remote in to the server since it's not on the internet. So they send my friend up there to swap the server over onto the public network so they can get in, and then put it back on the secure network so they can see if it works.
This is already a bad security practice, but ok...
The server is a piece of shit. Their IT staff can only be described as incompetent. So they can't get it to work. They want to be able to remote into it while its still on the secure network to see what it's doing.
Their IT guy suggests plugging both networks into the server at the same time, which my friend tells them is not possible because there is only one network port.
The guy then says "Why don't you get a switch and connect it to the server and then plug both networks into it"
This was the point at which he called me to confirm that this was in fact a really bad idea......
I proceeded to laugh a lot and tell him to report these guys for trying to cause a major security problem.