Re: [fw-wiz] i-cap proposals

From: ArkanoiD (ark_at_eltex.net)
Date: 02/22/05

  • Next message: Mark Boltz: "[fw-wiz] Re: username password vs token pin" 
    To: "Paul D. Robertson" <paul@compuwar.net>
Date: Tue, 22 Feb 2005 19:17:10 +0300

    So, again: it is often (not always ;-) more affordable for small companies
    to have less restricted environment rather than to pay more to employees
    who agree to work in more restricted one or to create a compartment mode
    network for personal needs.

    And - if that's the way things are done - there should be the way to
    deal with inevitable (in less restricted environment) attack vectors
    to minimize risks. Say, applying in-transit inspecting proxy ;-)

    (although, having a couple of workstations like "on-site internet cafe"
    is better idea)

    On Tue, Feb 22, 2005 at 11:25:24AM -0500, Paul D. Robertson wrote:
    > On Tue, 22 Feb 2005, ArkanoiD wrote:
    >
    > > That depends on network AUP much. Don't know for US but here in Russia the
    > > most common privacy policy is not to interfere with employees personal
    > > communications unless there is a pretty explicit reason for investigation.
    >
    > Since I generally do incident response, forensics and the like, I tend to
    > see more "explicit reasons" than most.
    >
    > > It is considered unethical. Company's security service should be legally
    > > allowed to, but not on the will.
    >
    > I prefer to keep things separate so that such issues don't happen. I've
    > seen way too much "personal" stuff on company machines that shouldn't have
    > been there. I've also had to deal with the "co-worker walked past when
    > the offensive e-mail popped up" stuff too.
    >
    > > >
    > > > However, I will categorically state that the places I've been where folks
    > > > don't allow personal access and where they do monitor for compliance have
    > > > significantly less "recreational" activity going on during business hours.
    > > > But then those places don't have issues with non-compliance because they
    > > > don't change the policy if it isn't popular, they change the employee if
    > > > they can't comply.
    > >
    > > Things are not always that simple. Speaking for me, working in environment where
    > > i am not allowed to do recreational things on my workplace and communicate to outside
    > > should at least double my income to be acceptable.
    >
    > I always negotiate this explicitly, but that's then part of the policy-
    > not an exception to it. I've had the chance to make lots more money
    > working in much more restrictive environments, and decided to decline- but
    > that doesn't mean those environments should change their policies to be
    > more liberal to attract me.
    >
    > > Compartment mode systems are sometimes cheaper ;-)
    >
    > Sometimes, but that's up to the policy. The thing is that it's not
    > necessarily inherently bad to limit such access, and it's probably always
    > bad to change a policy because of popularity rather than risk, business or
    > other driving reasons.
    >
    > Paul
    > -----------------------------------------------------------------------------
    > Paul D. Robertson "My statements in this message are personal opinions
    > paul@compuwar.net which may have no basis whatsoever in fact."
    >
    >
    > email protected and scanned by AdvascanTM - keeping email useful - www.advascan.com
    >
    > [host=TEST]

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

  • Next message: Mark Boltz: "[fw-wiz] Re: username password vs token pin"