You’ll be the coolest guy in IT if you ain't got your ID Welcome again to On-call, our almost-regular look at readers' escapades on client sites at odd times of day or night. This week's contributor offers up a story “of personal stupidity more than anything” so we'll spare him the blushes that come with a name. Our hero's tale starts with a downed Terminal Access Controller Access …
This post has been deleted by its author
Yup, smile, nod say 'good morning' to them.
Far too many don't even see them unless they ask for ID in which case they are 'The SS' or 'Stasi'.
'Don't you get breaks?' is a fine opening -- not 'How many heaters do you have in that isolated, shitty portacabin?'
Someone I knew pulled "I am not going to show you my ID you nasty security oik because you ought to recognise me. You must recognise me, because I'm the person who keeps causing you problems by refusing to show my ID."
The silly bugger refused to back down, and got himself fired.
I remember my first day on guard duty when attached to the Grenadier Guards. I didn't recognise the RSM on his motorbike and asked him to remove his helmet and produce his ID card. To be fair he was really nice about it and the guard sergeant made me a coffee because 'you got balls of steel mate'.
I don't understand why people refuse to show ID, the security guards are just doing their job. It's like a computer thinking ahhh nuts to it I don't need the password, you entered the right username and I can't be arsed checking. ..
A similar incident occurred just a few weeks after I joined the RN.
The training establishment was HMS Ganges, which meant that all of the trainees (trogs) were between 15 & 16 years old. One such trog was on duty at the guard post. The duty RPO (a hideous breed spoored by the devil himself) had been briefed that, as the Captain, HMS Ganges, was attending a 'do' at the wardroom (officers mess) that night there was to be no cars allowed in via the wardroom gate. Duty RPO instructed trog (mentioned above) that "No cars were to eneter via the wardroom gate."
You can see where this is going can't you.
Trog, now standing watch all by his lonesome, has been turning away cars for a while now. And a BIG cars arrives. Trog stops the car and asks the driver to use the main gate as this one is closed. (well the actual gates were wide open but he was guarding them gates and he had bin told that they wus closed.
The cars rear window lowers to reveal an Officer,who was NOT impressed. "Do you know who I am?" he asked. "No Sir," said trog saluting. "Please may I see your ID card Sir?"
The seated Officer, now ready to rip body parts off people, showed his ID card. (Showing your ID is always a GOOD IDEA. As the guards have the right, privilege and AUTHORITY to request ID from ANYONE.) The trog handed the ID back and said "I know who you are now Sir, you're The Captain, HMS Ganges. The Captain nodded, pleased at having been recognized at last. "Now may I enter my ship?" he asked. The trog replied "No Sir, please use the main gate. I have been briefed that this gate is closed tonight."
Seething Captain relents and tells his, white faced, driver to go round to the main gate.
At the main gate the Captain stops and inquires WHO briefed the guard on the wardroom gate.
All fingers point to the Duty RPO. Who is also now white faced. But he's trembling as well.
At the conclusion to this sad tale, the RPO got a reprimand, a serious blot on ones record, and a VERY swift move to another ship. And the trog got a written commendation, for following orders inspite of the obvious difficulty he was in.
gen dit honest!
Hell, yeah! I've worked security as a semi employable student but large lad. Like the receptionist, they ultimately control your access so be nice to them. Say hello, smile, know them by name, ask how they are, etc.
In the days when everyone smoked, a great deal of useful intelligence could be gained by walking the extra distance and sharing a durry with the security blokes. This tactic once allowed me to bail out of a sinking ship three weeks ahead of the brown stuff impacting the rotating device (quitting before receivership means they have to pay out entitlements or admit to trading while insolvent).
In line with the original story, one place I worked had a swipe card system on the rear main door to the car park. Now those doors opened outward, the swipe unit was mounted on a pole three feet from the actual door so that no one got whacked when the doors opened. That put it right under the overflow for the third floor gutter. Cue lots of rain and a dead swipe card reader. In those days these things were neither cheap nor common, so for two weeks while the unit was replaced, the rear door to a supposedly secure building was held open with a potted palm...
The same building had outside fire doors keyed to the alarm: unless the alarm was triggered they remained locked. Nice idea but about once a week someone had to be rescued from the fire escape. After I left, I heard that someone had actually set off the alarm by holding a lighter under the smoke detector after getting trapped late one night.
@1980s_coder
Human brain has algorithms for directing attention to novelties and switching routine processes to the background. I guess we just have to design systems round the brain a bit sometimes. The access procedures for the facility seemed to be designed with humans in mind so access was able to be granted.
PS: In the building I work in three days a week (not in a secure capacity), all the doors are unlocked from the corridor side by a simple 'bonk' of a photo ID card. We have to wear those on colour coded lanyards so everyone knows who is staff, and that rule is enforced. Solves the locked out problem.
Never needed a locksmith then?
Any system that requires the key to be used for different locks at the same time is asking for trouble when there are outside use cases like a system failure at 2am requiring the key to both be in the laptop and used to open doors in another building.
(Yes he likely should have stopped the transfers and shut down the connection in case someone else snuck into the secure room at 2am just in case he left it unattended, but the human brain does an assessment of security, & in this case he ranked it as secure as he left.)
You had to "swipe" out of secure rooms as well as in, and the system kept track of where you were. So if you tailgated someone out of the machine room, you couldn't get back in with your ID as the system thought you were still inside.
Theoretically sensible to enforce the no-tailgating rule and would have helped Our On-Call Hero here, but it didn't always register your "swipe"s, so was easy to inadvertently tailgate and get yourself locked out (or in!)
This post has been deleted by its author
Yonks ago I was put in charge of a small outpost of a computer company, in an isolated corner of a large factory belonging to a distantly-related business. At the end of my first Friday, "my staff" left a few minutes before me, so I locked the door to our corner, and went on my merry way.
Come Monday morning the MD visited, to give me a bollocking because he'd been called out at 2am by the Police who had noticed the factory's massive roller door open to all elements and therefore all miscreants. Yup, no-one had told me that the factory knocked off at 1pm on Fridays and it was therefore my responsibilty to secure the entire place. Didn't stop the MD from blaming me, from then until the day he fired me.
The MD was Charles Forsyth:
http://www.channelregister.co.uk/2009/04/22/charles_forsyth_legacy/
I learned a lot from my brief stay. Like, attacking the competition by selling at a gross loss on your largest longest-running contract is not a viable long-term business strategy.
You get tags that sound an alert if they are separated by too great a distance from their receiver. Keep the receiver attached to your person (not in your jacket, etc!), and the tag on your lanyard. As long as the first secure door isn't too close (might be a problem in a server room), then you will be alerted before you lock yourself out. These ones are to be paired to your phone, but there are also stand alone ones.
www.amazon.co.uk/dp/B00VKX0880
10 out of 10 for the concept.
But given most server rooms have restrictions on the use of mobile phones and other radio transmitters, I'm going to suggest these will be useless in many IT scenarios.
Occam's razor, a bit of string, or the slightly more sophisticated retractable keyring (http://www.amazon.co.uk/BLACK-RECOIL-RETRACTABLE-CHAIN-RING/dp/B00569W0EO)
One of those retractable keyrings helped me get out of jury duty once. Apparently they're a garotting weapon.
The fun part was the security moron instructed me to take it back and lock in my my vehicle (i.e. lock my keys in my car)
So I responded with equal nonsense, saying my vehicle had no doors (motorcycle, but I didn't say so) and couldn't be locked. I was escorted out of the building by another one of the police officers, who waited until we were out of earshot before doubling over in laughter. He wrote me a note.
Not on my first site management role, but pretty early in my lucky days doing such, I learnt that some of the best security practices consist of the following (thanks Simon):
1. Identify the people who have the fullest access to the facility whilst being paid the lowest. Usually security and the cleaners.
2. Find out their names, birthdays, and booze preference*
3. Ensure they get a card and a gift from your security budget 2-3 times a year. Birthday, Christmas, and something in between.
This means they know who you are, appreciate you value them as people as well as their function, and when you need the rules bending they will fall over themselves to help you.
Had to explain to the boss why I had a box of mixed spirits in the IT supplies cupboard, next to the clicky bat. Best site security policy ever :D
* Or for the non drinkers, something equivalent. A book of cinema tickets for the nice Muslim chap in this case
This is when "modern" systems would support multi-factor biometric access - a palm print and iris scan for example. After all, if it is chip+pin, then I could give the chipped card and pin to someone else and nobody would know until the security videos were reviewed, and maybe not even then.
Any time you say biometric, just think about that body part being cut off/out of you. It doesn't matter if a dead piece of flesh doesn't actually work, just that someone might think it will. Then be grateful you can hand over keys or cards, and hope they'll do what they have to do, and be on their way.
Only last week I had a (very very) minor version of this.
Had to visit a client, who shares a small building with another business. The business downstairs "mans" reception, and it's one of those "front door is open, but that only gets you to reception and a locked door" arrangements - they also don't have someone sat at reception, they come through from another office when they hear the door chime.
Sorted the clients problem (BT failed to log the fact that they'd been paid, cia the payment facility on their own website, and cut off the internet without warning), put my laptop back in it's case and left. Through reception and ... oh dear, the front door is locked.
Can't go back, can't go out, and there's no bell to ring.
Fortunately, since it's only a small building (large house sized), they could hear me from upstairs, knocking on the inner door.
Early start one Saturday morning doing a practice run for an upcoming software upgrade.
As a precaution we'd write locked some disks so that all we needed to do at the end of the day was flip the write lock switches, remount as mirror masters, and the system would be back ready for production.
But when I was done, the 24 hour operations staff were nowhere to be seen and I couldn't get into the computer room to flick the switches.
Not the end of the world, since I had until Sunday evening to get those switches flicked, but nobody had told me that the operators would disappear.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
