Firewall Wizards mailing list archives
Re: httport 3snf
From: "Ryan M. Ferris" <rferris () rmfdevelopment com>
Date: Mon, 21 Oct 2002 16:00:08 -0700
Paul: Great Comments! But is this really realistic?:
If tunneling is (a) against policy, and (b) requires active and considered engineering to achieve, then the technology has done its part. After that, it's a monitoring and enforcement issue, not a firewall issue. If you can show active anti-policy malice in achieving the connection- then it's time to move into the penalty phase.
[Bigger question coming...] At what point does monitoring and enforcement become unrealistic? In Robert's case, he could be the network administrator of thousands of individually configured Windows laptops running some kind of tunneling. It could end up as pervasive as Napster. Isn't the penalty phase really just reserved for very criminal cases?!

I have worked at some pretty big places. My experience was always that you would have to do something really bad to reach "penalty phase" - a hand slap usually at most. If you had ten users doing something against policy, you didn't get ten "penalty phases", you got a meeting with your boss to help provide alternate functionality so there were no desktop users "against policy". For example, if AIM and ICQ were bad, I can imagine a mandate to provide secure messaging or else the masses might riot. It is true the security groups had more power to slap hands than us network/desktop administrator types - but we usually took more "user heat" for reduced functionality.

Ryan

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards