Re: Blocking Yahoo Messenger With Firewall??



Please pardon my lateness on posting to this thread. Some of us don't
have time to look at things like this daily...

Moe Trin wrote:

> In the Usenet newsgroup alt.computer.security, in article
> <dlbsif$93k@xxxxxxxxxxxxxxxxxxxxxxx>, winged wrote:
>
> > Concur, Users are creative, they will just use a different chat
> > tool, or possibly worse unless policy makes it clear and then
> > enforced. Once you shoot a couple users the problem disappears.
>
> A friend who admins at a nearby community college tells new users that
> the line of flag poles along the walkway to the Computer Center (short
> poles, normally used for banners) are there so they can impale the
> severed heads of "creative" users who violate policy. I point out that
> this is messy and probably a biohazard - the better way is to follow
> Iosif Stalin's example, and just make them disappear.
>
> > We had one user get creative and route a ssh connector through home
> > broadband connection...."had" being the definitive word here.
>
> I always have to laugh at people who post about doing this, because
> the ssh datastream is encrypted, and no one will be able to see what
> they are doing. They seem to forget that the very presence of an
> encrypted data stream is like waving a huge flag with the legend "I'm
> a fool - make an example of me, please!!!". Sometimes, they get
> their wish.
>
> Old guy

Mr. Old Guy, Sir:

I would like an opportunity to be employed by your company.

But before I do this I would like to verify that the company does not
prevent me from using ssh in its policies. Is this correct?

If it is correct, the first thing I will do on my second week on the
job is run an ssh tunnel just so you can have me fired.

When we go to court the following will be the line of questioning my
attorney will take:

My Attorney: Mr. Old Guy, am I correct in stating that the reason you
recommended that my client be fired is because he was running a program
called ssh?

Mr. Old Guy: Yes, BUT we know that people who run this program "forget
that the very presence of an encrypted data stream is like waving a
huge flag with the legend 'I'm a fool - make an example of me,
please!!!'"

My Attorney: Mr. Old Guy, please tell us what my client was doing that
was in violation of company policies.

Mr. Old Guy: Well, we don't know exactly what he was doing because it
was an encrypted connection. But we know that the computer he connected
to has an IP address that is registered to him. So he was in violation
of company policy by accessing his own computer.

My Attorney: Mr. Old Guy, please tell the court what my client was
doing while he was connected to his computer that was in violation of
company policy.

Mr. Old Guy: He was connected to his computer using an encrypted data
stream so we know he was trying to hide what he was doing.

My Attorney: Mr. Old Guy, is it a violation of company policy to
connect to other computers in the course of completing work for the
company?

Mr. Old Guy: Uh, no.

My Attorney: Mr. Old Guy, ssh is a program that encrypts data, so that
no one can see what is being done, is that correct?

Mr. Old Guy: Yes.

My Attorney: So, you really have no idea what my client was doing with
the ssh connection he had made to his computer at home, do you?

Mr. Old Guy: Uh, no, but...

My Attorney: Mr. Old Guy, is it possible that my client was accessing
data on his home computer that he had worked on the previous night and
forgot to load onto his USB portable disk when he left for work this
morning?

Mr. Old Guy: Yes, but...

My Attorney: So, it could be that my client was not in violation of
company policy when using ssh to access his home computer because you
really have no way of knowing what he was doing.

Mr. Old Guy: Yes, but...

My Attorney: Your honour, as the testimony given clearly demonstrates,
my client was dismissed as a direct result of the negligence of Mr. Old
Guy. He had no grounds to recommend my client be dismissed. We ask at
this time that you make a preliminary ruling in favour of the plaintiff
and grant the damages asked for in our suit which are nothing more than
the money my client would have earned had he been able to complete his
intended 30 years of employment at "Thanks For the Retirement Gift Mr.
Old Guy" in the amount of $30,000,000.

Mr. Old Guy: But, but, but....

Just between us and the fence post, I do not understand how any
employer would be willing to take the risk of dismissing someone when
they do not know exactly what the person is doing.

Now, are you capturing keystrokes on every computer in the company? I
am curious as to how you KNOW what an individual running ssh was doing
that would allow you to state that he/she was in violation of company
policy.

Enquiring minds want to know....

--
Remove the .spam in my E-Mail address should you want to reply by
E-Mail.

NorSea Odyssey
Around The World by BMW Motorcycle
http://www.norseaodyssey.com
"Yeah, I have a hair stylist. His name's helmet."
"If Bill Gates had a nickel for every time Windows crashed....Oh, wait,
he does!"