Firewall Wizards mailing list archives
Re: What challenges are security admins facing?
From: ark () eltex net
Date: Wed, 28 May 2003 20:53:27 +0400
nuqneH On Wed, May 28, 2003 at 12:33:44PM -0400, Paul Robertson wrote:
network usage policy. People DO use computers at their workplace for personal needs and its OKAY. There are some cases when it is notSometimes it's okay, and sometimes it's not- that's highly dependent on what that personal usage is (playing pirated copyrighted content would not be ok in most places, nor would browsing porn sites, and certainly handing out administrative accounts for your friends to use would be frowned upon.)
Sure. These restrictions seem reasonable in most places. But restricting access by limiting it to pre-defined set of "work-related" sites actually encouraged users to do dirty tricks in almost 90% of companies i've seen it in.
Enforcing a fascist set of restrictions just makes users extremely creative to avoid it. Keeping restrictions reasonable makes it possibleGetting rid of the creative ones tends to work like natural selection.
And sometimes it works the wrong way. The remaining ones hide well and cause more trouble finally ;-). Many comanies that try to enforce restrictive policies simply do not have enough resources to track down violations. If they had policy less restrictive, they could. (talking now with a girl that works for one of those. she is not allowed to use email at work, thus she spent some WORKING time to find a way around it. i doubt it is what they want)
[snip]gets fscked really bad - but to make things work this way the administrator should allow him to do it if it is really innocent. Otherwise heHow does the admin kno wif it's "really innocent?"
Maintaining the list,if the thing is not on the list he should suggest something of close functionality..
Another problem is, again, management. Ever seen a big boss that says "i need this videoconferencing software working today from my desktop, so please poke a hole in firewall to make it work - it is IMPORTANT! no, we do not have time for security analisys, we need it NOW! No, i do not want to do it from dedicated notebook machine". The point is obvious. Why designing and implementing crafty security policy just to have it ruined this way?My standard answer of "No." worked for everyone from the person in the mail room to the CEO of a multibillion dollar company when I was running firewalls daily. Perhaps this too is part of the responsibility?
Yes. _ _ _ _ _ _ _ {::} {::} {::} CU in Hell _| o |_ | | _|| | / _||_| |_ |_ |_ (##) (##) (##) /Arkan#iD |_ o _||_| _||_| / _| | o |_||_||_| [||] [||] [||] Do i believe in Bible? Hell,man,i've seen one! _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- What challenges are security admins facing? Paul Ammann (May 27)
- Re: What challenges are security admins facing? Paul Robertson (May 27)
- Re: What challenges are security admins facing? R. DuFresne (May 27)
- Re: What challenges are security admins facing? ark (May 28)
- Re: What challenges are security admins facing? Paul Robertson (May 28)
- Re: What challenges are security admins facing? ark (May 28)
- Re: What challenges are security admins facing? Paul Robertson (May 27)
- RE: What challenges are security admins facing? Ben Nagy (May 27)
- Re: What challenges are security admins facing? R. DuFresne (May 27)
- <Possible follow-ups>
- Fw: What challenges are security admins facing? Paul Ammann (May 29)
- Re: Fw: What challenges are security admins facing? R. DuFresne (May 29)