Firewall Wizards mailing list archives
Re: i-cap proposals
From: ArkanoiD <ark () eltex net>
Date: Tue, 22 Feb 2005 19:17:10 +0300
So, again: it is often (not always ;-) more affordable for small companies to have less restricted environment rather than to pay more to employees who agree to work in more restricted one or to create a compartment mode network for personal needs. And - if that's the way things are done - there should be the way to deal with inevitable (in less restricted environment) attack vectors to minimize risks. Say, applying in-transit inspecting proxy ;-) (although, having a couple of workstations like "on-site internet cafe" is better idea) On Tue, Feb 22, 2005 at 11:25:24AM -0500, Paul D. Robertson wrote:
On Tue, 22 Feb 2005, ArkanoiD wrote:That depends on network AUP much. Don't know for US but here in Russia the most common privacy policy is not to interfere with employees personal communications unless there is a pretty explicit reason for investigation.Since I generally do incident response, forensics and the like, I tend to see more "explicit reasons" than most.It is considered unethical. Company's security service should be legally allowed to, but not on the will.I prefer to keep things separate so that such issues don't happen. I've seen way too much "personal" stuff on company machines that shouldn't have been there. I've also had to deal with the "co-worker walked past when the offensive e-mail popped up" stuff too.However, I will categorically state that the places I've been where folks don't allow personal access and where they do monitor for compliance have significantly less "recreational" activity going on during business hours. But then those places don't have issues with non-compliance because they don't change the policy if it isn't popular, they change the employee if they can't comply.Things are not always that simple. Speaking for me, working in environment where i am not allowed to do recreational things on my workplace and communicate to outside should at least double my income to be acceptable.I always negotiate this explicitly, but that's then part of the policy- not an exception to it. I've had the chance to make lots more money working in much more restrictive environments, and decided to decline- but that doesn't mean those environments should change their policies to be more liberal to attract me.Compartment mode systems are sometimes cheaper ;-)Sometimes, but that's up to the policy. The thing is that it's not necessarily inherently bad to limit such access, and it's probably always bad to change a policy because of popularity rather than risk, business or other driving reasons. Paul ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions paul () compuwar net which may have no basis whatsoever in fact." email protected and scanned by AdvascanTM - keeping email useful - www.advascan.com [host=TEST]
_______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: i-cap proposals, (continued)
- Re: i-cap proposals ArkanoiD (Feb 14)
- Re: i-cap proposals Carson Gaspar (Feb 19)
- Re: i-cap proposals ArkanoiD (Feb 19)
- Re: i-cap proposals Paul D. Robertson (Feb 22)
- Re: i-cap proposals ArkanoiD (Feb 22)
- Re: i-cap proposals Paul D. Robertson (Feb 22)
- Re: i-cap proposals ArkanoiD (Feb 22)
- Re: i-cap proposals Paul D. Robertson (Feb 22)
- Re: i-cap proposals ArkanoiD (Feb 22)
- Re: i-cap proposals Paul D. Robertson (Feb 22)
- Re: i-cap proposals ArkanoiD (Feb 22)
- Re: i-cap proposals Paul D. Robertson (Feb 22)
- Re: i-cap proposals ArkanoiD (Feb 14)
- Re: i-cap proposals Julian Gomez (Feb 22)