Security Basics mailing list archives

RE: Security and the Under 30 User

From: krymson () gmail com
Date: 13 Feb 2008 19:05:34 -0000

E.g: Are you herding cats? Trying to hold sand or water in your hand? Cling to ideals of a culture past? These are
meant to be non-threatening rhetorical questions, nothing more. Well, ok, I'm playing 10% Devil's Advocate here... :)

I think it is a very relevent question, Joe. There is certainly a reason to look at security issues that will never
truly be beaten or go away.

Should you maybe implore HR/managers to take different approaches to web filtering and productivity issues? Perhaps.

Is spending time playing web filter police really improving security or helping the business bottom-line? Perhaps.

Should you really be worried about people savvy or motivated enough to use their own or other proxies to browse such
sites? Perhaps.

Is this less a security or even IT concern and more a company ethics police concern? Perhaps.

What if this approach were taken in other security questions like firewalls, AV, allowed softwares, admin rights, etc.
Is that a good stance? Perhaps.

I just feel that there are people who don't see this as some cultural issue to be beaten down and controlled, but
rather something that is part of progress and change and should be embraced in order to stay relevent in the coming
years (or to retain happy employees). Sure, this may open you up to some additional risks, but you'll have to weigh the
costs of those risks versus the benefits. This issue is not something you can solve with blanket statements like "you
must web filter," or "you must use white lists," or "you can't stop it stop trying." This solution is entirely
dependent on the organization in question. Boeing's policies will differ from a start-up web/tech company.

I'm just sayin... :)

<- snip ->

Slightly unrelated to the subject, but still relevant:

One thing I'm discovering a lot are sites which claim to allow you to view
the blocked sites like FaceBook, etc. There are mirrors after mirrors and
site after site that do this. Are there ways to stop it or will savvy
"under-30" types continue to be resourceful and circumvent?

Current thread:

RE: Security and the Under 30 User, (continued)
- - - RE: Security and the Under 30 User G_Z_Gupta (Feb 12)
- Re: Re: Security and the Under 30 User grace . tom (Feb 11)
- RE: Security and the Under 30 User George, Joe (OCFO) (Feb 12)
  - Re: Security and the Under 30 User Larry Offley (Feb 13)
  - RE: Security and the Under 30 User Evert Breero (Feb 13)
    - RE: Security and the Under 30 User Timmothy Lester (Feb 13)
    - Re: Security and the Under 30 User infolookup (Feb 14)
    - RE: Security and the Under 30 User Evert Breero (Feb 14)
    - RE: Security and the Under 30 User Evert Breero (Feb 14)
  - Re: Security and the Under 30 User Yousef Syed (Feb 13)
- RE: Security and the Under 30 User krymson (Feb 13)