Re: [fw-wiz] What challenges are security admins facing?

From: Paul Robertson (proberts_at_patriot.net)
Date: 05/28/03

    To: ark@eltex.net
    Date: Wed, 28 May 2003 12:33:44 -0400 (EDT)
    

    On Wed, 28 May 2003 ark@eltex.net wrote:

    > Being a bit offtopic on firewall security audit discussion, I'd like
    > to remember a paper I wrote on security management problems. Unfortunately
    > the paper is in Russian thus having no value for the mailing list
    > subscribers, but I can recite key point here: the major problem is
    > responsibility and serious gap between de jure and de facto computers and
    > network usage policy. People DO use computers at their workplace for
    > personal needs and it's OKAY. There are some cases when it is not

    Sometimes it's okay, and sometimes it's not - that's highly dependent on
    what that personal usage is (playing pirated copyrighted content would not
    be OK in most places, nor would browsing porn sites, and certainly handing
    out administrative accounts for your friends to use would be frowned
    upon.)

    > Enforcing a fascist set of restrictions just makes users extremely
    > creative to avoid it. Keeping restrictions reasonable makes it possible

    Getting rid of the creative ones tends to work like natural selection.

    [snip]

    > gets fscked really bad - but to make things work this way the administrator
    > should allow him to do it if it is really innocent. Otherwise he

    How does the admin know if it's "really innocent?"

    > Another problem is, again, management. Ever seen a big boss that
    > says "I need this videoconferencing software working today from my
    > desktop, so please poke a hole in firewall to make it work - it
    > is IMPORTANT! No, we do not have time for security analysis, we need
    > it NOW! No, I do not want to do it from dedicated notebook machine".
    > The point is obvious. Why design and implement a
    > crafty security policy just to have it ruined this way?

    My standard answer of "No." worked for everyone from the person in the
    mail room to the CEO of a multibillion dollar company when I was running
    firewalls daily. Perhaps this too is part of the responsibility?

    Paul
    -----------------------------------------------------------------------------
    Paul D. Robertson
    proberts@patriot.net
    probertson@trusecure.com
    Director of Risk Assessment, TruSecure Corporation
    "My statements in this message are personal opinions which may have no basis whatsoever in fact."

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
