Feeds

BOFH: Slab happy

The PFY needs to play his cards right

  • alert
  • submit to reddit

Reducing the cost and complexity of web vulnerability management

Episode 15

Isn’t it annoying when senior management simply has to have access to every door, room, system and application in the enterprise - even if they have no idea what to do with the access once they get it.

Like our new IT Director (after the previous Director tragically stepped over the protective railings and into the path of the number 94 bus late one night outside Marble Arch tube station just as the PFY, he and I were walking home from a vendor’s drinks evening. He never did finish that conversation about looking through the company’s web usage to see who was wasting the most time during work hours...).

“He’s reset the aircon again,” the PFY says in annoyed tones, turning from the wall. “The remote’s only letting me choose setpoints between 20 and 21 Celsius.”

“Don’t worry, he’ll get tired of it soon,” I respond. “It’s just a phase he’s going through. He’ll find something more interesting sooner or later. Meantime if we just abstain from acts of gratuitous violence...”

...Moments later...

“Wondering if you could help me out?” our new Director says, entering Mission Control. “Just trying to sort out some of these access cards and keys...”

“Yes?” I ask.

“I’ve worked out what all these cards and keys are for,” he says, waving an impressive ring under the PFY’s nose, “but I’m just a bit confused about this one?”

!

“Wherever did you get that?” I ask, fingering an access card not unlike the card sewn into the lining of my wallet.

“Security.”

“Security?” I say, in tones not unlike the ones used to say ‘Look, a genuine #94 Routemaster from Queensway!’

“The security company - the one that keyed the building. I ordered masters of every key issued to the building - only they can’t tell me what this card was for.”

“Did they?” I respond, in tones not unlike the ones used to say ‘You might get a better view from the top of those railings’. “Tell you what, leave it with me and I’ll get back to you.”

. . . Moments later. . .

“So what’s the card for?” the PFY says, turning it over. “And what’s the XS legend stand for?”

“I... Uh... Exit Strategy,” I respond, deciding to come clean. “When they built the place I had some embedded card readers installed in the walls around the building.”

“And what do these readers do?”

“Oh, just administrative functions,” I respond, playing it casual.

“Like?”

“Just routine stuff - override the CCTV system, unlock and lock doors, trip the main circuit breaker for the building, that sort of thing.”

“And you were planning on giving me a card when?” the PFY asks, a touch miffed.

“Oh... I was just waiting for the security company to deliver it,” I lie. “It completely slipped my mind.”

At this point I figure that telling the PFY that it was an exit strategy for any eventuality - including his megalomania - might not be well received.

“So it’ll be OK if I take this one then?” the PFY asks.

“Of course!” I cry, faking bonhomie. “Just...”

“Just?”

“Just be... careful.. where you put the card. Keep it a foot or so away from any flat surface. Particularly flat surfaces with one of those fire emergency exit maps or large red X characters.”

“Like this one?” the PFY points to the diagram on the wall beside my desk.

“Particularly that one,” I say, deciding to tell all. “Unless you want to hear four explosive bolts simultaneously firing pieces of badly rusted reinforcing rod in place of the high tensile steel rods currently holding the one-ton slab of concrete in place in the roofspace above your desk.”

The PFY looks shocked. “How long’s that been there?”

“Since the place was built.”

“But... you let me choose my desk location!”

“Which is why I said to be careful around any flat surface,” I respond. “I... ran out of fire exit signs.”

“So... there’s probably a reader near my desk for a slab above your desk?”

“Er...”

“Only you would’ve made allowances for desks being moved around - which probably means the roofspace is riddled with slabs.”

“It’s a possibility...”

“And the walls riddled with readers?”

“Again, it’s a poss...”

AND THE GAME OF OFFICE CHESS BEGINS!

“There might be one over here somewhere to drop a slab onto you over there,” the PFY says, waving the card dangerously close to a missing sign location.

“Or one over here to drop one on you over there I say, moving to Queen’s Bishop 4.

“But then you’d have built a booby trap - just in case someone found this card.”

“I think you’re overthinking it a little,” I say, before the PFY can warn me about going against a Sicilian when death is on the line.

“Oh, really?” the PFY says, disappointedly, just as the Boss comes back in.

“That card please,” he snaps. “Apparently security found a card reader in a wall downstairs which doesn’t show up on the system but they think is connected to a door to the outside world immediately below this room!”

“Really?” I say, in a tones not unlike those used to say 'Careful, those railings might be slippery'.

“Thank you!” the Boss blurts, heading for the door.

>ba-ba-ba-bang!< >crash-crunch<

“How did you...” the PFY asks, glancing away from our new office footpath momentarily.

“I didn’t. Maybe there was a booby trap after all. Maybe it was in the big X on the exit sign.”

“And you were planning on telling me about that when?” the PFY asks.

“Oh... it completely slipped my mind. And now there’s only the one card. Perhaps you should get back to work...”

...

Choosing a cloud hosting partner with confidence

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.