Serious Techy Business Thread

All web traffic goes through a proxy and assessed with a risk level based on various categorisations. If it hasnt seen something before or has a high risk level, the user gets a 'blocked. please annoy security to unblock it' message. We then add it to a timed whitelist for a few months if there is a business case for it. If that doesnt get the site working, its a network issue and I dont care about it.

Its an old proxy and we are moving to skyhigh soon so whatever but its still annoying.

Our IT just gave Devs admin permissions on our laptops in my previous job. Zscaler being one of the reasons why, it basically stopped anything from working. They were then shocked to find out most Devs used their admin permissions to just remove the fucking thing.

Then again they were also surprised when we all changed our outlook endpoints with admin privileges so that it didn't need to be on the VPN.

ATOS are genuinely clowns.

Always been my life. The IT people were always so behind whatever we were up to they gave up. The transition to the cloud, like 10 years ago, involved me filling out forms about where the server physically was, it's static IP etc. When it all meant nothing. They could understand whatever bullshit happened on Windows though. Except when they couldn't and needed my help



Outsourced nonsense mostly. But they are fucking Microsoft idiots.

Our devs are mostly alright but there was one guy who had a “I am the most important person here and I deserve unfettered access” attitude. Guy, you’re in a hospital and your job is maintaining a couple of forms on an internal CMS.

I generally believe that most people will behave like adults when they're treated like adults. And mostly, that's borne out. Obviously, there's always special cases.

That said, most of the dev here is done on AWS playgrounds that have no interaction with production stuff and they can do what they like with, within a set of controls they agreed to. Some of them get Macs as laptops, but they're still MDM controlled and locked down, beyond the software build profile and tools they request. They do usually get the tools they need to work, though.

No one has access to local admin at all times except the helpdesk. There's no reason why anyone would. Most people with Azure admin access can PIM to local admin for specific tasks, but it's all audited.

He needs the Serious Tetchy Business Thread

Our Ops were great. They handled the full infosec certification, got the pen tests done, worked with us to make sure everything on AWS was proper. They were in house though.

The IT as in work laptops was outsourced to ATOS as well as some on prem windows servers. They were completely fucking useless. Hence engineering just getting admin powers. They licensed us MacBooks (or some Ubuntu ones )but clearly barely knew how they worked. Their processes were entirely unable to deal with command line tools being approved installs, so say git ended up needing elevated privileges just to run, or when they rolled out zScaler managing to block GitHub access for 500 Devs. Or blocking our own infosec approved SSH tunnels. Or the whole attempt to get http/2 working had to be done off the VPN as it fucked with headers so aggressively.

There was also the episode with them hosting a critical 2nd party system on prem, dunno why, possibly as I said I wanted nothing to do with Windows. Wasn't working still a week before go live so I had to step in, took me a couple minutes to find the logs, spot a privilege error and suggest they create a machine user with correct privileges. They didn't know what that meant so just ran it as admin. Morons.

This sounds like a job for an Indian tech youtuber

Well, this is the thing. Wireshark itself isn’t that hard to use. The trick is knowing what you’re looking at.

I’ve demo’d forensic file extraction from a pcap to our juniors before which would be a phrase that means nothing to someone who works in risk and controls.

DPM will do granular data restores if you’re lucky with timings. And check the cadence of your hyper v checkpoints, you might be lucky there, too.

Dunno if there is anything that can just roll back a VM with no previous config, tho

Oh documents etc? You might be ok then. Is that 3TB volume at capacity or does it have loads of space? If the disk is even half empty you have a decent chance of recovering them.

It does get more complicated for documents which are updated, but for those which were created during those 5 hours you’ll likely be golden.

Photorec is your friend, but bear in mind that it might mistakenly label docs/xlsx as zips, since that’s what they are under the hood.

Without knowing what the backend product is doing, it's difficult to ascertain if that is normal behaviour or not. The SP could be locking a number of tables either row based or page based which then has an impact further down the line.

If the report is trying to say that’s how often the SP is being executed then it makes perfect sense. It’s just weird that the query it reports is the CREATE statement, which definitely should not be running repeatedly

Just wanted a second opinion before I make a fool of myself and suggest the software may be erroneously running a CREATE script in a loop