Firewall Wizards mailing list archives
Re: RE:Vulnerability Scanners ( was: concerning ~el8 / project mayhem )
From: "B. Scott Harroff" <Scott.Harroff () att net>
Date: Mon, 26 Aug 2002 08:18:16 -0400
> You'll need non-repudiable authentication (evidence), as a court of law would describe. How would you propose to verify Jim was at Jane's workstation at the time of the porn site visit? In addition to "strong authentication" as we define it today, do you propose cameras? Keyloggers that distinguish typing behavior?

I'm not looking for 100% assuredness that Jim had not compromised Jane's account to deliberately surf with her identity. I'm looking for more than "The DHCP server thought that 10.1.2.3 belonged to Jane at 1:30 PM". I.e., the proxy server recorded Jane's domain ID and IP in outbound traffic. Given that by policy passwords regularly change, passwords have minimum requirements, and users can not walk away from a logged-in workstation, there is a very high probability that Jane was surfing the site, not Jim. And Jane wouldn't be terminated for one logged instance; if her logs showed regular activity, someone would show up at her usual surfing time to greet her.

> Something that's annoyed me for ages is the distinction that policy violations conducted through computing and networking are so different from any other medium. If an employee uses his phone card to dial a phone sex number during work hours, from a business phone, is it as serious an offense (granted, there's no temporary or long term cache of the "image" unless he's taped the conversation)? What about print media and fax (although I've never heard of fax sex)?

If an employee dials a phone sex line on corporate time, they are improperly using corporate resources, costing the company <relatively> minimal monetary loss. Commensurate discipline would be a slap on the hand. If Jim surfs to a porn site (often) and Jane, who sees this, feels sexually offended and harassed, and the company does not follow up with stopping folks like Jim, the company could face an embarrassing and expensive lawsuit....

> Content inspection is an odd business, and it seems perpetually focused on computer networking. My point is that I've seen some policies that don't uniformly treat all media - it's acceptable to have a sexy calendar, but not to visit Victoria's Secret online, or thumb through PlayBoy during lunch? I've told folks that such policies are an HR nightmare waiting to happen.

Agreed on both counts. Not taking action can be very expensive though.....

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
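As an added illustration of the "more than DHCP" standard argued above (example code, not part of the thread): constructed proxy log lines carrying the authenticated domain ID, a constructed DHCP lease table, and an assumed asset inventory mapping workstations to their assigned users. The grader reports whether the lease and the proxy's authenticated ID agree for each request, and which users show a repeated pattern rather than a single logged hit.

```python
"""Grade the evidence behind proxied web requests using two independent logs."""
from collections import Counter
from datetime import datetime

# Constructed asset inventory (assumption): which user each workstation is issued to.
ASSIGNED = {"ws-jane": "jane", "ws-jim": "jim"}

# Constructed DHCP leases: (ip, hostname, lease_start, lease_end).
LEASES = [
    ("10.1.2.3", "ws-jane", "2002-08-26 08:00", "2002-08-26 16:00"),
    ("10.1.2.3", "ws-jim", "2002-08-26 16:00", "2002-08-26 23:59"),
]

# Constructed proxy log: date time client_ip authenticated_user url ("-" = unauthenticated).
PROXY_LOG = """\
2002-08-26 13:30 10.1.2.3 jane http://example.invalid/adult
2002-08-26 13:31 10.1.2.3 - http://example.invalid/adult
2002-08-26 17:05 10.1.2.3 jane http://example.invalid/adult
"""

def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")

def lease_host(ip, when):
    """Hostname holding `ip` at `when` according to DHCP, or None if no lease covers it."""
    for lip, host, start, end in LEASES:
        if lip == ip and parse_ts(start) <= when < parse_ts(end):
            return host
    return None

def attribute(line):
    """Grade one proxy line: dhcp-only, corroborated, or conflict between the two sources."""
    date, time, ip, user, _url = line.split()
    lease_user = ASSIGNED.get(lease_host(ip, parse_ts(f"{date} {time}")))
    if user == "-":
        # No authenticated identity: only the DHCP lease speaks (the weak case).
        return {"user": lease_user, "grade": "dhcp-only"}
    if lease_user == user:
        # Proxy authentication and lease-to-workstation mapping agree.
        return {"user": user, "grade": "corroborated"}
    # Authenticated as one person from another person's workstation: investigate, don't conclude.
    return {"user": user, "grade": "conflict", "lease_user": lease_user}

def grade_log(log):
    return [attribute(l) for l in log.splitlines() if l.strip()]

def recurring_users(results, min_events=2):
    """Users with repeated corroborated events; a single logged instance is not a pattern."""
    counts = Counter(r["user"] for r in results if r["grade"] == "corroborated")
    return {u for u, n in counts.items() if n >= min_events}
```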