Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Re: Allowing access to social networking... securely?

From: no () dot no
Date: Fri, 22 May 2009 15:03:42 -0600
Patrick, good response. But I wonder about this..
"The OP's suggested risk vector - malware infested proxy sites isn't even
the worst one introduced. I've seen places where blocking has induced
users to use bypass mechanisms including:

- Separate dialup connections
- USB Wifi piggy-backing on nearby offices' signals
- SSH tunneling
- VPN connections out to a machine acting as a proxy (home PC for example)
- GoToMyPC or equivalent to a machine acting as a proxy"

If you have a user that will violate corporate policy by circumventing systems put in place, that is an HR issue. The 
examples you site, we block. We're incredibly concerned about data leakage being in the financial industry. Maybe those 
systems aren't needed in all forms of business. 

I'm of the belief that we all choose where we work, and we all play by the rules laid out by mgmt. We can choose to 
play along, or not. Those measures aren't put in place to make people's work environment less fun. They're done for the 
well being of the company. It only takes one person to leak out sensitive data, emails, etc and create a potentially 
bad situation.

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most 
concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. Gain 
a laser like insight into what is covered on the exam, with zero fluff! 

http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: