Security Basics mailing list archives
RE: Providing Visitor Access
From: "Robinson, Sonja" <SRobinson () HIPUSA com>
Date: Tue, 10 Dec 2002 09:56:17 -0500
-----Original Message-----
From: Sinha, Amitabh (Amit) [mailto:asinha3 () agere com]
Sent: Monday, December 09, 2002 11:21 AM
To: 'CTillett () harcourt com'; wbjw () mindspring com
Cc: jon kintner; Rick Darsey; security-basics () securityfocus com; ssgill () gilltechnologies com; wbjw () mindspring com
Subject: Providing Visitor Access
This brings up some interesting questions. Would there be any legal issue with allowing open access from within your company (for this restrictive network)?
Absolutely. Anything done within your network you can potentially be held liable for. Harassment, stalking, porn, hacking, spam, etc. It's a due diligence thing and many companies, especially those under Gramm-Leach-Bliley and HIPAA have serious responsibilities and consequences. Also, there are some potential new issues regarding liability for Wireless networks, whether privately or publicly available (incl. the home users). There was an article in Wired yesterday on that.
Is web type access going through a proxy that is filtering? (Could the company be liable if something illegal is done from the company owned IP space (child porn etc.)?
Absolutely. Child porn is a felony period - any instance must be reported to LEO. Regular porn can set up an environment of sexual harassment and leave you open to lawsuits from your own employees, etc. You are responsible for your users' actions to some extent. This depends on due diligence, security measures in place, etc....but it comes down to what a jury thinks in a civil case. I wouldn't want to take it that far, especially when you will probably lose or settle and either would cost a bundle. Prevention is best. Now think also about if someone takes your confidential, say medical info, files and sends them out on the Internet....how liable do you think you would be and what kind of award do you think the jury would give out??? Unrestricted Internet access is NOT due diligence.
Any due diligence issues?? OR if a visitor's information is stolen from the Internet while they were connected from this unrestricted vlan?)
Unrestricted anything is not a wise policy. Why do users need unrestricted Internet access? So they can check their personal e-mail, download music (copyright violations), surf, shop, waste time, money and bandwidth, gamble, chat??? Users should be restricted to AUTHORIZED websites that are for BUSINESS USE only. Use something like surfcontrol or websense to monitor and restrict internet access.
Are more and more companies providing this type of unrestricted access to their visitors?
Absolutely not! Companies are restricting visitors' access!! Why would you give a visitor access to your network and your Internet access? You don't know them, you haven't background checked them. You shouldn't allow most of your own employees this unrestricted access so why grant it to a stranger. How do you know this person isn't stealing confidential info, installing unauthorized software, etc.? More companies are realizing they are liable and are restricting access across the board, not opening it up.
How are others doing this? Is there an industry standard or a general practice ...
Thanks,
Amit
-----Original Message-----
From: CTillett () harcourt com [mailto:CTillett () harcourt com]
Sent: Thursday, December 05, 2002 10:25 PM
To: wbjw () mindspring com
Cc: jon kintner; Rick Darsey; security-basics () securityfocus com; ssgill () gilltechnologies com; wbjw () mindspring com
Subject: RE: Preventing DHCP from allocating IPs
We are dealing with this right now. We are creating an "area" on each floor that visitors can use. The ethernet ports in these areas will be using a private vlan that provides IP connectivity and Internet access only. These areas are ACL'ed off from our enterprise network. It is not perfect, but since we have good physical security and all other ports on the switch are disabled by default, it allows our vendors to use our network as a transport service only. I hope this helps a little.
Chris Tillett
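Added example, not part of the original thread or any poster's configuration: a small audit of the visitor-VLAN design described above (Internet access only, ACL'ed off from the enterprise network). It evaluates an ordered ACL under first-match semantics with an implicit final deny and reports which parts of the enterprise ranges a visitor port could still reach. The prefixes, the three ACLs and the function names are constructed for illustration.

```python
import ipaddress

# Constructed addressing plan (assumption; the thread gives no addresses).
ENTERPRISE_NETS = ["10.0.0.0/8", "172.16.0.0/12"]
INTERNET_SAMPLE = "198.51.100.10/32"   # documentation address standing in for the Internet

# Ordered (action, destination prefix) rules applied to the visitor VLAN.
GOOD_ACL = [("deny", "10.0.0.0/8"), ("deny", "172.16.0.0/12"), ("permit", "0.0.0.0/0")]
# Broad permit placed first: the denies below it are never reached.
SHADOWED_ACL = [("permit", "0.0.0.0/0"), ("deny", "10.0.0.0/8"), ("deny", "172.16.0.0/12")]
# A forgotten exception ahead of the deny leaves a hole into the enterprise range.
HOLE_ACL = [("permit", "10.20.0.0/16")] + GOOD_ACL

def permitted_parts(acl, target):
    """Return the sub-prefixes of `target` the ACL permits (first match wins)."""
    remaining, permitted = [ipaddress.ip_network(target)], []
    for action, prefix in acl:
        rule = ipaddress.ip_network(prefix)
        still_unmatched = []
        for piece in remaining:
            if not piece.overlaps(rule):
                still_unmatched.append(piece)
                continue
            if piece.subnet_of(rule):
                matched = piece                      # rule covers the whole piece
            else:
                matched = rule                       # rule carves a chunk out of the piece
                still_unmatched.extend(piece.address_exclude(rule))
            if action == "permit":
                permitted.append(matched)
        remaining = still_unmatched
    return [str(p) for p in permitted]               # leftovers hit the implicit deny

def audit(acl):
    """Map each enterprise range to the parts of it visitors can still reach."""
    return {net: permitted_parts(acl, net) for net in ENTERPRISE_NETS}

def internet_ok(acl):
    """True if the sample Internet destination is permitted."""
    return bool(permitted_parts(acl, INTERNET_SAMPLE))

if __name__ == "__main__":
    for name, acl in [("good", GOOD_ACL), ("shadowed", SHADOWED_ACL), ("hole", HOLE_ACL)]:
        print(name, audit(acl), "internet:", internet_ok(acl))
```

An empty list for every enterprise range together with `internet_ok` returning true is the "transport service only" outcome; any prefix in the lists is a path from the visitor ports into the enterprise network.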