Dirk

joined 1 year ago
[–] Dirk@lemmy.ml 3 points 8 months ago

Ladies and gentlemen, we have a winner!

[–] Dirk@lemmy.ml 6 points 8 months ago

Temporary workaround applications/scripts becoming de-facto standards sounds familiar. They disabled loading script files in PowerShell but you can still copy&paste the file's content ...

People have no idea how absurd IT in corporations is.

[–] Dirk@lemmy.ml 9 points 8 months ago (1 children)

That makes the badges NFC tags but without actual NFC ...

At least they had the code not in direct sight on their desk.

[–] Dirk@lemmy.ml 7 points 8 months ago* (last edited 8 months ago) (1 children)

Big international corporate, IT security hired by personal connections instead of skill, IT security never worked in daily business.

The fun thing is that they refer to NIST guidelines. Which is even funnier because NIST says 12 digits are enough, user-generated 8 digits are fine, no complexity rules, and password changes only "when necessary" (i.e. security breaches).

https://sprinto.com/blog/nist-password-guidelines ff.

[–] Dirk@lemmy.ml 8 points 8 months ago

I've seen plenty of solutions. Sticky notes, a simple text file. External tools like barcode scanners. Using all letters and just 1! at the end (not that this is less secure on a technical level than a completely random string, but it's easier to brute-force - theoretically), etc. Some people use KeePass (with a stupid 5 letter password).

[–] Dirk@lemmy.ml 29 points 8 months ago (3 children)

Some users have a barcode scanner connected to the system for doing the business stuff. The barcode scanner registers as HID keyboard ...

Yes, they did exactly what you think.

[–] Dirk@lemmy.ml 79 points 8 months ago (25 children)

They are so heavy on security I have a Citrix environment that takes me 3 logins

My daily routine:

  1. Take laptop out of locked shelf
  2. Start Laptop and enter boot password
  3. Enter Bitlocker password
  4. Enter username (not saved) and password
  5. Open Citrix website and log in with different username and password
  6. Enter MFA token to access said website
  7. Start server connection
  8. Enter different username/password (not saved) to access server
  9. Enter different MFA token for the server login
  10. Start the business-specific application with 3rd set of not saved and different login data

They also have plans to make MFA mandatory for laptop login, too.

Passwords need to be at least 15 characters long for laptops and 30 for servers and 10 for the business-specific application. All need to have uppercase, lowercase, numbers, and special characters and need to be changed every 60 days (for the server login) and cannot be the last 30 passwords.

[–] Dirk@lemmy.ml 1 points 8 months ago

Given this context it seems much more reasonable having such a complex and long instructions page on how to run it in Docker. This seems to be something you don't just try and run simply for checking it out.

I looked at the instructions under the premise of "lightweight wiki server" and did not check in detail what this specific software is.

[–] Dirk@lemmy.ml 1 points 8 months ago

Any small Linux distro would do. Just install Docker and maybe Portainer (as container itself of course) if you want a web UI.

[–] Dirk@lemmy.ml 1 points 8 months ago (2 children)

Wow, they really hate the idea that everyone could just spin up a Docker container with their wiki software.

[–] Dirk@lemmy.ml 0 points 8 months ago (2 children)

So better put Docker in a VM so it can't do any harm to the host?

[–] Dirk@lemmy.ml 5 points 8 months ago

I'll always prefer the repositories, but Flatpak comes in handy for applications with weird dependencies where you need to compile everything needed on your own - or outdated 32-bit software.
