Firewall Wizards mailing list archives
Re: RE:Vulnerability Scanners ( was: concerning ~el8 / project mayhem )
From: Dave Piscitello <dave () corecom com>
Date: Sun, 25 Aug 2002 10:26:22 -0400
> In my humble opinion, corporate security people not authenticating and
> filtering/monitoring traffic heading off the corporate network is like
> airport personnel not verifying the identities of individuals who are on an outbound
> airplane, or checking what they are carrying. 99.99% of the time nothing
> happens, that last 1% can be very painful though.

-------------

> That's when positive authentication is necessary. One needs to know it's positively Jane Doe that
> went to the porn site (which is against policy) or it was someone who sat
> down at her authenticated workstation when she walked away without logging
> off (which is against policy) before disciplinary actions are initiated.

You'll need non-repudiable authentication (evidence), as a court of law would describe it. How would you propose to verify Jim was at Jane's workstation at the time of the porn site visit? In addition to "strong authentication" as we define it today, do you propose cameras? Keyloggers that distinguish typing behavior?
Something that's annoyed me for ages is the distinction that policy violations conducted through computing and networking are so different from any other medium. If an employee uses his phone card to dial a phone sex number during work hours, from a business phone, is it as serious an offense? (Granted, there's no temporary or long-term cache of the "image" unless he's taped the conversation.) What about print media and fax (although I've never heard of fax sex)?
Content inspection is an odd business, and it seems perpetually focused on computer networking. My point is that I've seen some policies that don't uniformly treat all media: it's acceptable to have a sexy calendar, but not to visit Victoria's Secret online, or thumb through Playboy during lunch? I've told folks that such policies are an HR nightmare waiting to happen.
I wrote a paper a while ago on this subject, but I think it's still accurate and hopefully relevant:

http://www.tisc2002.com/newsletters/211.html

At 02:38 PM 8/23/2002 -0400, B Scott Harroff wrote:

> One needs to know it's positively Jane Doe that went to the porn site (which is against policy) or it was someone who sat down at her authenticated workstation when she walked away without logging off (which is against policy) before disciplinary actions are initiated.
David M. Piscitello
Core Competence, Inc. & 3 Myrtle Bank Lane
Hilton Head, SC 29926
dave () corecom com
843.689.5595
www.corecom.com

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
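The attribution problem Piscitello raises (was it Jane, or someone at her unlocked workstation?) is, in practice, a log-correlation question: a proxy record tied to a host is only attributable to a person if an independent source shows that person's console session was open at that moment, and it is only strong evidence if the proxy itself authenticated the request. The following is an added example written for this archive page, not code from the thread or from any product discussed in it. The session-event and proxy-log formats, the hostname `ws-jdoe`, the user `jdoe`, and all timestamps are constructed for illustration; real proxy and workstation logs would need their own parsers.

```python
"""Grade how well a proxy log entry can be attributed to a person by
correlating it with workstation console session events.

Added example; log formats, hosts, users and times are constructed.
"""
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# Constructed console session events for one workstation:
# <time> <host> <LOGON|LOCK|UNLOCK|LOGOFF> <user>
SESSION_EVENTS = """\
2002-08-23T13:55:02 ws-jdoe LOGON jdoe
2002-08-23T14:10:40 ws-jdoe LOCK jdoe
2002-08-23T14:12:05 ws-jdoe UNLOCK jdoe
2002-08-23T14:30:11 ws-jdoe LOGOFF jdoe
"""

# Constructed proxy log lines: <time> <client host> <user or "-"> <url>.
# The user field is "-" when the proxy did not authenticate the request.
PROXY_LOG = """\
2002-08-23T14:05:17 ws-jdoe - http://example.invalid/against-policy
2002-08-23T14:11:30 ws-jdoe - http://example.invalid/against-policy
2002-08-23T14:40:00 ws-jdoe - http://example.invalid/against-policy
2002-08-23T14:12:50 ws-jdoe jdoe http://example.invalid/against-policy
"""


@dataclass(frozen=True)
class Attribution:
    url: str
    user: Optional[str]   # the person the evidence points to, if any
    grade: str            # "strong", "weak" or "none"
    reason: str


def parse_events(text: str) -> List[Tuple[datetime, str, str, str]]:
    """Parse session events into sorted (time, host, kind, user) tuples."""
    events = []
    for line in text.splitlines():
        if line.strip():
            ts, host, kind, user = line.split()
            events.append((datetime.fromisoformat(ts), host, kind, user))
    return sorted(events)


def session_state(events, host: str, at: datetime) -> Tuple[Optional[str], bool]:
    """Return (user, console_open) for `host` at time `at`, taken from the
    most recent session event at or before `at`. Events are sorted, so the
    last matching one wins."""
    state: Tuple[Optional[str], bool] = (None, False)
    for ts, h, kind, user in events:
        if h == host and ts <= at:
            state = (user, kind in ("LOGON", "UNLOCK"))
    return state


def attribute(proxy_line: str, events) -> Attribution:
    """Grade one proxy record against the console state of its source host."""
    ts, host, proxy_user, url = proxy_line.split()
    at = datetime.fromisoformat(ts)
    console_user, console_open = session_state(events, host, at)
    proxy_user = None if proxy_user == "-" else proxy_user

    if not console_open:
        # Nobody was at the keyboard: the traffic is an anomaly (malware,
        # scheduled job, spoofed address), not a policy violation by a person.
        return Attribution(url, None, "none",
                           "console locked or logged off at request time")
    if proxy_user is not None and proxy_user == console_user:
        # Two independent sources agree on the same person.
        return Attribution(url, console_user, "strong",
                           "proxy-authenticated user matches the open console session")
    if proxy_user is not None:
        # Credentials used at the proxy differ from the console owner:
        # shared credentials or a borrowed session; act on neither.
        return Attribution(url, None, "none",
                           f"proxy user {proxy_user} disagrees with console user {console_user}")
    # Console was open but the proxy did not authenticate: this is exactly
    # the "walked away without logging off" case from the thread.
    return Attribution(url, console_user, "weak",
                       "host-level only; anyone at the unlocked console could have sent it")


def report(proxy_log: str, session_events: str) -> List[Attribution]:
    """Attribute every proxy record in `proxy_log`."""
    events = parse_events(session_events)
    return [attribute(line, events) for line in proxy_log.splitlines() if line.strip()]


if __name__ == "__main__":
    for a in report(PROXY_LOG, SESSION_EVENTS):
        print(f"{a.grade:6} {a.user or '-':6} {a.reason}")
```

Only the last record reaches "strong": the proxy authenticated the request and the console session agrees. The first is the case the thread worries about, a host-level hit with nobody individually authenticated, and the middle two occurred while the console was locked or logged off, which rules the interactive user out rather than in. Neither cameras nor keystroke biometrics appear here; the point is that without per-request authentication the best the logs support is a "weak" grade.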