Re: Defending yourself against Nazi IT departments



Moe Trin wrote:
On Sun, 22 Apr 2007, in the Usenet newsgroup comp.security.firewalls, in
article <lbQWh.4728$kb4.760@xxxxxxxxxxxxxxxxxxxx>, Bogwitch wrote:

Moe Trin wrote:

> True - we don't do as much training as we might, but the general class
> of users we have can make rational decisions about violating the well
> known policies and the possible consequences. But for the O/P trying to
> order frilly knickers, we have systems in the employee break areas
> that are completely isolated from the company network. They have
> enough software on them to allow our users to do such things, and
> they have a "guest" account for this purpose. When the user logs out,
> part of the .logout script clears the cache files and /home/guest/
> directory. The systems are running a Linux distribution, "guest" is
> just an ordinary user whose shell is rbash. Remember the 'cd' command
> to change directories? This shell doesn't have one, and doesn't
> accept a directory separator character in any command.

Agreed, we have a separate Internet access LAN for just such things. We have controls in place to prevent corporate material from accidentally being introduced to that LAN.
I am surprised that you allow anonymous logons to your Internet workstations. How do you maintain accountability?

Difficult to quantify though! Do you know of any work that attempts to explain the cost/benefit of pre-emptive security?

Ask your legal staff. I suspect they know of the benefits.

:) Our legal staff wouldn't know the first thing about cost/benefit concerning Information Security. It's an unusual environment.

Bogwitch.

--
Posted via a free Usenet account from http://www.teranews.com
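
The logout cleanup described in the quoted text for the break-room "guest" account could look like the following. This is an added example, not the script from either poster's site; the function name `wipe_guest_home`, the optional skeleton directory and the path checks are assumptions.

```sh
#!/bin/sh
# Added example: wipe a kiosk guest account's home directory at logout.
# wipe_guest_home and the skeleton directory are hypothetical names; only
# /home/guest and the "clear it on logout" behaviour come from the post.

# usage: wipe_guest_home HOME_DIR [SKEL_DIR]
wipe_guest_home() {
    home_dir="$1"
    skel_dir="${2:-}"

    # Refuse empty, relative, "/" or trailing-slash paths and "." / ".."
    # endings: a bad argument must not turn the cleanup into "rm -rf /".
    case "$home_dir" in
        ''|[!/]*|*/|*/.|*/..)
            echo "refusing unsafe path: '$home_dir'" >&2
            return 2 ;;
    esac

    # The home itself must be a real directory, not a symlink that would
    # redirect the wipe somewhere else.
    if [ -L "$home_dir" ] || [ ! -d "$home_dir" ]; then
        echo "not a real directory: $home_dir" >&2
        return 2
    fi

    # Delete everything below the home, dotfiles and browser caches included.
    # find does not follow symlinks by default, so a link planted inside the
    # home is removed as a link and its target is left alone. -xdev keeps the
    # wipe on one filesystem.
    find "$home_dir" -xdev -mindepth 1 -delete || return 1

    # Optionally restore pristine dotfiles (for example the profile that pins
    # the restricted shell's PATH) from a root-owned skeleton directory.
    if [ -n "$skel_dir" ] && [ -d "$skel_dir" ]; then
        cp -a "$skel_dir"/. "$home_dir"/ || return 1
    fi
    return 0
}

# Run only when a path is given on the command line, e.g. from a logout hook
# (hypothetical paths):  wipe-guest.sh /home/guest /etc/skel.guest
if [ "$#" -gt 0 ]; then
    wipe_guest_home "$@"
fi
```
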
