Re: i-cap proposals

[ArkanoiD <ark () eltex net>]

So, again: it is often (not always ;-) more affordable for small companies
to have less restricted environment rather than to pay more to employees 
who agree to work in more restricted one or to create a compartment mode
network for personal needs.

And - if that's the way things are done - there should be the way to
deal with inevitable (in less restricted environment) attack vectors 
to minimize risks. Say, applying in-transit inspecting proxy ;-)

(although, having a couple of workstations like "on-site internet cafe"
is better idea)

On Tue, Feb 22, 2005 at 11:25:24AM -0500, Paul D. Robertson wrote:
> On Tue, 22 Feb 2005, ArkanoiD wrote:
>
> > That depends on network AUP much. Don't know for US but here in Russia the
> > most common privacy policy is not to interfere with employees personal
> > communications unless there is a pretty explicit reason for investigation.
>
> Since I generally do incident response, forensics and the like, I tend to
> see more "explicit reasons" than most.
>
> > It is considered unethical. Company's security service should be legally
> > allowed to, but not on the will.
>
> I prefer to keep things separate so that such issues don't happen.  I've
> seen way too much "personal" stuff on company machines that shouldn't have
> been there.  I've also had to deal with the "co-worker walked past when
> the offensive e-mail popped up" stuff too.
>
> > > However, I will categorically state that the places I've been where folks
> > > don't allow personal access and where they do monitor for compliance have
> > > significantly less "recreational" activity going on during business hours.
> > > But then those places don't have issues with non-compliance because they
> > > don't change the policy if it isn't popular, they change the employee if
> > > they can't comply.
> >
> > Things are not always that simple. Speaking for me, working in environment where
> > i am not allowed to do recreational things on my workplace and communicate to outside
> > should at least double my income to be acceptable.
>
> I always negotiate this explicitly, but that's then part of the policy-
> not an exception to it.  I've had the chance to make lots more money
> working in much more restrictive environments, and decided to decline- but
> that doesn't mean those environments should change their policies to be
> more liberal to attract me.
>
> > Compartment mode systems are sometimes cheaper ;-)
>
> Sometimes, but that's up to the policy.  The thing is that it's not
> necessarily inherently bad to limit such access, and it's probably always
> bad to change a policy because of popularity rather than risk, business or
> other driving reasons.
>
> Paul
> -----------------------------------------------------------------------------
> Paul D. Robertson      "My statements in this message are personal opinions
> paul () compuwar net       which may have no basis whatsoever in fact."
>
>
> email protected and scanned by AdvascanTM - keeping email useful - www.advascan.com 
>
> [host=TEST]

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards