Security myths

everything is only as effective as the user,

so true. no point of having a corporate firewall and some user uses a 3G card, it just creates a hole in the fence. Trying to make people understand that is impossible.
 
And then there is the laptop that takes 15 mins to boot up and log in to the network, because of all the security policies heaped onto it. People will not want to work with this monster, and even hack a way around the security. Policy makers should spend a day doing the work of the people who will be affected by the policy decisions, for a better solution to be found. Just one normal day, is all we ask.
 
I am not allowed to plug my laptop into this one client's network because they do not own the laptop. However, I'm free to plug in my 80gig removable drive into the PCs and copy data to and fro. All I can think of is they might be scared of a virus or something.
 
And then there is the laptop that takes 15 mins to boot up and log in to the network, because of all the security policies heaped onto it. People will not want to work with this monster, and even hack a way around the security. Policy makers should spend a day doing the work of the people who will be affected by the policy decisions, for a better solution to be found. Just one normal day, is all we ask.

Agree completely. Some companies have security policies that seriously compromise an employee's ability to efficiently carry out their duties. For example, a guy has to provide support for a specialised software suite, but most of the online forums dealing with the software are blocked by the company's content filter which identifies them as chat sites. After trying for a few months to get the sites opened by his IS department, he eventually gets a 3G card and is now able to do his job. Unfortunately he is now also posing a security threat to the organisation. Sometimes you can't win.
 
It's the Network Admin's responsibility to think for the end user. Thus in our attempt to block as many holes as possible we might cause some discomfort for the end user. But normally the biggest "hooks" that remain are the legacy software, ****ty passwords (but if so then it's the net admin's fault) and idiotic end users, and then normally after all of the money spent on IT security, physical security normally isn't up to scratch, leaving the possibility for social engineering. So to really secure a network one has to set up the network in a solid concrete building, no doors, no windows, oh and no humans interacting with the computers and definitely no network connection... my point: network security will always remain a best-effort dilemma, where your IT budget determines the security level attainable. (Oh, and you could really do a lot for the security of your network if you could force all your users into using Linux and dropping any one of Microsoft's ridiculously insecure OS's, or at least keep that shti behind a GNU/Linux firewall)
 
The problem is, that with all this security, they are putting restrictions on what people can and cannot do, hence the reason why people bring in 3G cards and modems to work.

A prime example was my wife's ex-employer. They blocked almost 80% of the sites that she used to do tracking and other info- all 100% bona fide work related. Repeated attempts to get these sites unblocked proved fruitless. They wanted to crap in their pants when I gave her spare iBurps modem and router to take to work. Thankfully she has left that fruitcake of a company.
 
seems more like your wife was ineffective in telling the company how the policies were hindering her doing her work. i can't imagine a company would deny access where you can prove it has a genuine business case. i've done it before at a number of companies.
 
Ja, happened at my company as well when I installed Dansguardian. One of the rules was that it deny downloading of any executable file, or Word/Excel document.

Whenever somebody needed to download an executable or Word/Excel doc from the Net, permission would be granted until the file was downloaded, then blocked again soon thereafter.

A lot of schlepp, but we didn't get any spyware then :)

There needs to be a careful balance between what is needed and what is not needed.
 