45
VaderNT
6y

Worst WTF dev experience? The login process from hell to a well-fortified dev environment at a client's site.
I assume a noob admin found a list of security tips and just went like "all of the above!".

You boot a Linux VM, necessary to connect to their VPN. Why necessary? Because 1) their VPN is so restrictive it has no internet access 2) the VPN connection prevents *your local PC* from accessing the internet as well. Coworkers have been seen bringing in their private laptops just to be able to google stuff.
So you connect via Cisco AnyConnect proprietary bullshit. A standard VPN client won't work. Their system sends you a one-time key via SMS as your password.

Once on their VPN, you start a remote desktop session to their internal "hopping server", which is a Windows server. After logging in with your Windows user credentials, you start a Windows Remote Desktop session *on that hopping server* to *another* Windows server, where you login with yet another set of Windows user credentials. For all these logins you have 30 seconds, otherwise back to step 1.
On that server you open a browser to access their JIRA, GitLab, etc or SSH into the actual dev machines - which AGAIN need yet another set of credentials.

So in total: VM -> VPN + RDP inside VM -> RDP #2 -> Browser/SSH/... -> Final system to work on
Input lag of one to multiple seconds. It was fucking unusable.

Now, the servers were very disconnect-happy to prevent anything "fishy" going on. Sitting at my desk at my company, connected to my company's wifi, was apparently fishy enough to kick me out every 5 to 20 minutes. And that meant starting from step 1 inside the VM again. So, never forget to plugin your network cable.

There's a special place in hell for this admin. And if there isn't, I'll PERSONALLY make the devil create one. Even now that I'm not even working on this any more.

Comments
  • 12
    W O W
    Just wow.

    How the hell did nobody rebel against this? Who the hell thought "Yeah that's a good idea, go ahead and implement it"?
  • 2
  • 2
    Is this mayhaps a company ranging sowhere between red and yellow? ;)
  • 2
    @JustThat yes. And still, typing was actually the most bearable part. It probably compresses well/only needs partial screen updates.

    The drag and drop GUI for data flow modelling on the other hand...
  • 1
    @jinx that's uncomfortably close. 😉 It's a similar company, ranging between blue and red.
  • 1
    Because everyone knows that the more layers of the same security you wrap things in, the better. You gotta think vertically, not laterally when it comes to multi-factor authentication!

    I love that the end termination point is a user-friendly GUI. I can imagine the creator thinking they are so smart for providing such convenience yet with such security.

    They probably used to scan the internet for SOCKS5 proxies and build their own proxy chains for kicks.
  • 1
    @endor I am not surprised as your success as an employee is often tied to your capacity to be a good boy that follows orders without making a noise.
  • 1
    This seems to be a common disease of companies with paranoid customers. The bigger the companies, the more they force to use their standards. If now a big company supports an other big company the possibility is very high, that they also use external IT-services additional to their internal IT-departments. So the snake of tunnels and funny things between grows up to several limbs of bullshit.

    The worst I knew were banking-companies or automotive industries like Volkswagen or General Motors. They've separate RSA-SecureIDs for Hotlinestaff and even their own VPN-Software running, which requires very special systemsettings on both sides. Took me several minutes to suppport (if I could reach em at all).

    We can't do anything about that. Its annoying every time.

    Those tunnels remind me on that human centerpede thing horror movie...
Add Comment