One chestnut from my history in lottery game development:

While our security staff was incredibly tight and did a generally good job, oftentimes levels of paranoia were off the charts.

Once they went around hot gluing shut all of the “unnecessary” USB ports in our PCs under the premise of mitigating data theft via thumb drive, while ignoring that we were all Internet-connected and VPNs are a thing, also that every machine had a RW optical drive.

  • TechyDad@lemmy.world
    38·
    1 year ago

    ZScaler. It’s supposedly a security tool meant to keep me from going to bad websites. The problem is that I’m a developer and the “bad website” definition is overly broad.

    For example, they’ve been threatening to block PHP.Net for being malicious in some way. (They refuse to say how.) Now, I know a lot of people like to joke about PHP, but if you need to develop with it, PHP.Net is a great resource to see what function does what. They’re planning on blocking the reference part as well as the software downloads.

    I’ve also been learning Spring Boot for development as it’s our standard tool. Except, I can’t build a new application. Why not? Doing so requires VSCode downloading some resources and - you guessed it - ZScaler blocks this!

    They’ve “increased security” so much that I can’t do my job unless ZScaler is temporarily disabled.

    • tslnox@reddthat.com
      10·
      1 year ago

      Yeah. Zscaler was once blocking me from accessing the Cherwell ticket system, which made me unable to write a ticket that Zscaler blocked me access to Cherwell.

      Took me a while to get an IT guy to fix it without a ticket.

    • Dkiscoo@lemmy.world
      4·
      1 year ago

      Oh man our security team is trialing zscaler and netskope right now. I’ve been sitting in the meetings and it seems like it’s just cloud based global protect. GP was really solid so this worries me

    • lightnegative@lemmy.world
      4·
      1 year ago

      It has the same problem as any kind of TLS interception/ traffic monitoring tool.

      It just breaks everything and causes a lot of lost time and productivity firstly trying to configure everything to trust a new cert (plenty of apps refuse to use the system cert store) and secondly opening tickets with IT just to go to any useful site on the internet.

      Thankfully, at least in my case, it’s trivial to disable so it’s the first thing I do when my computer restarts.

      Security doesn’t seem to do any checks about what processes are actually running, so they think they’ve done a good job and I can continue to do my job

    • killeronthecorner@lemmy.worldEnglish
      2·
      1 year ago

      It’s been ages since I had to deal with the daily random road blocks of ZScaler, but I do think of it from time to time.

      Then I play Since U Been Gone by Kelly Clarkson.