Security Basics mailing list archives

Re: Inputs appreciated


From: Philip Storry <phil () philipstorry net>
Date: Fri, 10 Jan 2003 18:09:02 +0000

Hello Rodel,

Thursday, January 9, 2003, 3:12:56 PM, you wrote:

RC> Don't know if this is the right place to post this. Are the out of
RC> office messages inviting hackers to attack your corporate network?
RC> Is this a risk to your company if employees start using the Out of
RC> Office feature?

I don't feel that they are a serious issue. Out of Office agents are
more useful to those trying to socially engineer their way into your
organisation and its systems than they are any kind of technical
threat.

However, if you do feel that they are a problem, then I would suggest
that you look at implementing a procedure whereby holidays should
require notification of the IT/IS teams, so that the user's accounts
can be disabled for the duration of their absence. That may be a wise
precaution if the user would have no remote access anyway.

Of course, for homeworkers/teleworkers it may be seen as a bit of a
pain, so for them I would advise consultation with their boss to
determine whether or not their accounts would be disabled. If they're
in Tahiti for a month, then there's a good case for Yes. If they're at
home doing some DIY, then maybe not.

This is good in that they can still receive mail, but their account
cannot be used to access the email or other systems.

And let's not forget that some users hate you taking anything away from
them. You may have an uphill battle (politically) if you do try to ban
them.

RC> Any comments?

Yes - I think you should read Kevin Mitnick's "The Art of Deception".
Hopefully, it will clarify that this is more of a social than
technical problem.
:-)

-- 
Best regards,
 Philip                            mailto:phil () philipstorry net

