Re: [fw-wiz] httport 3snf
From: Al Potter (apotter@icsalabs.com)
Date: 10/22/02
- Next message: Mike Frantzen: "Re: [fw-wiz] CERT vulnerability note VU# 539363 (fwd)"
- Previous message: Jeff Moss: "[fw-wiz] Call For Papers Announcement: Black Hat Windows Security"
- In reply to: Robert E. Martin: "Re: [fw-wiz] httport 3snf"
- Next in thread: Duncan: "Re: [fw-wiz] httport 3snf"
- Reply: Duncan: "Re: [fw-wiz] httport 3snf"
To: "Robert E. Martin" <rmartin@fishburne.org>
From: Al Potter <apotter@icsalabs.com>
Date: Tue Oct 22 12:14:01 2002
Robert:
rmartin@fishburne.org said:
> This is a military School for 8-12 graders.. The key here is
> discipline.
I've been lurking quietly on this thread for a few days, waiting for you
to weigh back in as you have here. I strongly suspected what you say
above to be the case.
You have a policy / discipline / supervision issue. The firewall (or
other security device) can never enforce compliance with this type of
policy 100% (there's always a smarter hacker), but it can make deviation
more difficult, and provide an audit trail to assist the supervisor in
detecting and documenting policy violations. This brings the problem out
of IT and back into its proper realm, personnel supervision. People set
policy, have the discipline (or not) to follow policy, and supervise /
enforce compliance with policy.
Being in a military environment (and I have 9 years of active duty Army in
my past), you may have the luxury of what would be (viewed in many
corporate environments as) a draconian policy and enforcement environment.
"$FOO is verboten. First time offenders will be counseled in writing.
Second time offenders will lose privileges for X days. Third time
offenders will be...."
Being in an educational environment, you have a challenge and IMHO
responsibility to educate these young people as to WHY the policy is there
(there IS a reason, right?). I'd recommend you take a look at Winn
Schwartau's book: Internet_&_Computer_Ethics_for_Kids_(and_Their_Parents_&_
Teachers_Who_Haven't_Got_a_Clue). It's designed to teach exactly these
kinds of lessons to exactly your target audience, and does a decent job of
discussing the issues.
In short:
- Write a policy
- Brief and educate your users on the issues, ethics and the policy
- Empower the supervisors to monitor compliance and enforce the policy
The Firewall only helps with the last one.
Hope this helps....
AL
--
+------------------------------------------------------------------------+
| Al Potter                                                              |
| Manager, Network Security Labs                                         |
| ICSA Labs                                         apotter@icsalabs.com |
| www.icsalabs.com                                PGP Key ID: 0x58c95451 |
+------------------------------------------------------------------------+