Firewall Wizards mailing list archives

Re: httport 3snf

From: Al Potter <apotter () icsalabs com>
Date: Tue, 22 Oct 2002 10:49:02 -0400

Robert:

rmartin () fishburne org said:

This is a military School for 8-12 graders.. The key here is
disipline.


I've been lurking quietly on this thread for a few days, waiting for you 
to weigh back in as you have here.  I strongly suspected what you say 
above to be the case.


You have a policy / discipline / supervision issue.  The firewall (or 
other security device) can never enforce compliance with this type of 
policy 100% (there's always a smarter hacker), but it can make deviation 
more difficult, and provide an audit trail to assist the supervisor in 
detecting and documenting policy violations.  This brings the problem out 
of IT and back into its proper realm, personnel supervision.  People set 
policy, have the discipline (or not) to follow policy, and supervise / 
enforce compliance with policy.

Being in a military environment (and I have 9 years of active duty Army in 
my past), you may have the luxury of what would be (viewed in many 
corporate environments as) a draconian policy and enforcement environment. 
 "$FOO is verboten.  First time offenders will be counseled in writing.  
Second time offenders will loose privileges for X days.  Third time 
offenders will be...."

Being in an educational environment, you have a challenge and IMHO 
responsibility to educate these young people as to WHY the policy is there 
(there IS a reason, right?).  I'd recommend you take a look at Winn 
Schwartau's book: Internet_&_Computer_Ethics_for_Kids_(and_Their_Parents_&_
Teachers_Who_Haven't_Got_a_Clue).  It's designed to teach exactly these 
kinds of lessons to exactly your target audience, and does a decent job of 
discussing the issues.


In short:

        - Write a policy
        - Brief and educate your users on the issues, ethics and the policy
        - Empower the supervisors to monitor compliance and enforce the policy

The Firewall only helps with the last one.



Hope this helps....



AL
-- 
+------------------------------------------------------------------------+
| Al Potter                                                              |
| Manager, Network Security Labs                                         |
| ICSA Labs                                         apotter () icsalabs com |
| www.icsalabs.com                                PGP Key ID: 0x58c95451 |
+------------------------------------------------------------------------+

Attachment: _bin
Description:

Current thread:

Re: httport 3snf, (continued)
- - - Re: httport 3snf Ryan M. Ferris (Oct 21)
    - Re: httport 3snf Paul D. Robertson (Oct 21)
    - Re: httport 3snf Duncan (Oct 22)
    - Re: httport 3snf Paul D. Robertson (Oct 22)
    - Re: httport 3snf Duncan (Oct 22)
    - Re: httport 3snf Paul Robertson (Oct 22)
    - Re: httport 3snf R. DuFresne (Oct 22)
    - Re: httport 3snf Robert E. Martin (Oct 22)
    - Re: httport 3snf Paul Robertson (Oct 22)
    - Re: httport 3snf m p (Oct 22)
    - Re: httport 3snf Al Potter (Oct 22)
    - Re: httport 3snf Duncan (Oct 22)
    - Re: httport 3snf Paul Robertson (Oct 22)
    - Re: httport 3snf Kyle R. Hofmann (Oct 23)
- RE: httport 3snf Dawes, Rogan (ZA - Johannesburg) (Oct 21)