Firewall Wizards mailing list archives
Re: i-cap proposals
From: "Paul D. Robertson" <paul () compuwar net>
Date: Tue, 22 Feb 2005 09:23:58 -0500 (EST)
On Tue, 22 Feb 2005, ArkanoiD wrote:
nuqneH, Unfortunately there is not always possible to have compartment mode network with dedicated "communication" desktops. Small companies cannot afford that.
Sure, but small companies also cannot afford downtime to the same extent that large companies can.
And there is an administrative problem: things that everyone needs but people do it "inofficial" way. People _do_ need personal communications, instant messaging
There's a significant difference between need and want- and given the ubiquity of cell phones in most work environments, "need" for personal e-mail simply isn't true. "Want" very much is, but you're not being paid to read jokes, flirt and delete your home spam collection while you're at work.
and email, disallowing it completely makes users feel uncomfortable and definitely does not contrbute to healthy athmosphere unless there are really high security requirements (in which case they get paid for it). But - management is unlikely to invest much into such matters of personal comfort.
I've been in environments where it's been disallowed, and I've been in environments where it's allowed- in neither case was it the deciding factor in workplace comfort- generally there are larger issues at work there. Your risk to malcode goes up. Your risk to hostile workplace suits goes up, your risk to operational work not getting done goes up- there has to be an offsetting benefit or it's not worth while to allow- "people want it" isn't quantifyable, and doesn't meet that standard.
Most companies do allow it anyways, so a solution should be.
Again, not necessarily because they meant to allow it.
People DO play at work. Ignoring the problem (they should not, so that is not a problem) seems plain unwise it most cases.
Authorizing it is also unwise.
I'd yet to see a company where CEO is not allowed to get his yahoo mail ;-)
I know of one USD$4.5 billion company where the CEO wasn't allowed to IM his kids in college, despite the politics involved because the BOFH at the firewall didn't allow IM. ;) When I asked for a business case justification, the assorted posterior worshiping minions had a collective heart attack. I didn't give ground, and the CEO went un-IMed for as long as I was there.
P.S Yes, sure i've seen many companies where people are not allowed to use external mail servers. Almost 100% of them just forced people to use business addresses for personal communications this way (although that was not formally allowed) and i do not think this makes any difference.
Then you've likely never had to deal with hostile workplace lawsuits, employee termination for non-performance issues, privacy issues during an investigation of malice, or a host of other things where the systems belonging to the employer make the security administrator's job significantly easier. Also, note that for most workplaces, the AUP takes away privacy protections on the network- suddenly opening your personal communications to increased scrutiny and decreased legal protections. Paul ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions paul () compuwar net which may have no basis whatsoever in fact." _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- i-cap proposals ArkanoiD (Feb 11)
- RE: i-cap proposals lordchariot (Feb 12)
- Re: i-cap proposals ArkanoiD (Feb 14)
- Re: i-cap proposals Carson Gaspar (Feb 19)
- Re: i-cap proposals ArkanoiD (Feb 19)
- Re: i-cap proposals Paul D. Robertson (Feb 22)
- Re: i-cap proposals ArkanoiD (Feb 22)
- Re: i-cap proposals Paul D. Robertson (Feb 22)
- Re: i-cap proposals ArkanoiD (Feb 22)
- Re: i-cap proposals Paul D. Robertson (Feb 22)
- Re: i-cap proposals ArkanoiD (Feb 22)
- Re: i-cap proposals Paul D. Robertson (Feb 22)
- Re: i-cap proposals ArkanoiD (Feb 22)
- Re: i-cap proposals Paul D. Robertson (Feb 22)
- Re: i-cap proposals ArkanoiD (Feb 14)
- RE: i-cap proposals lordchariot (Feb 12)
- Re: i-cap proposals Julian Gomez (Feb 22)