Firewall Wizards mailing list archives
Re: Blocking Google Talk
From: "Paul D. Robertson" <paul () compuwar net>
Date: Tue, 27 Jun 2006 10:35:09 -0400 (EDT)
On Tue, 27 Jun 2006, James wrote:
Does anybody know of legal implications associated with this kind of filtering ? A lot of organisations now allow users to bank online via the orgs internet infrastructure as it is benefical to both parties.
They depend heavily on jurisdiction, policy, notification and regulation. (I'm not a lawyer, I don't play one on the 'Net...)
If you are doing analysis on a mitm ssl stream you will potentially collect every users banking credentials. Would you have to redirect ssl connections to a web page that advises them of this ? I could see
So long as your policy spells this out and users (including visitors, contractors, etc.) have all seen the policy, you're generally covered. If you have traders, my understanding is that you're mandated to monitor all wire traffic by the SEC.
that the banks would also like to be advised if you are planning to do this and they more than likely will block access from organisations partaking in this strategy. Banks are just the primary example.
As far as I know, nobody's applied a two-party consent state's laws to Internet monitoring. It's likely though that such an effort would fail, given the long-term implications such a decision would cause. In any case, the company owns the equipment and network, so I'm not sure the bank would have a case in attempting to tell the company what it could and couldn't do with its own equipment and networks. End-user or consultant-owned equipment should be handled by policy and/or contract (preferably contract for enforcability IMO.) My current pet legal theory is that making the policy a requirement for network access gives it enough consideration to fall under contract law, hopefully we'll never have to find out... My clients generally end up with a policy review fairly early on, and I usually end up re-writing a lot of it, then they have their counsel review it and if they're following my recommendations, all employees sign and return a copy of the policy. We make efforts to ensure that the policy is applied correctly and that exceptions are handled as needed to be sure the organization has the right sorts of protections in place. My views are US-centric, since I've only dealt with US-based clients for policy writing and US and Canadian clients for policy issues. I've just spent a fair amount of time going over personal use issues with one of my clients, rewriting their policies to account for it (where management was at least a little worried that allowing it in policy could hurt them- the opposite of reality IMO.) We didn't get any push-back from the lawyers, and so far everyone's been accepting of the new policy, as it was explained rationally and reasonably as they were provided with copies to sign. Paul ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions paul () compuwar net which may have no basis whatsoever in fact." http://fora.compuwar.net Infosec discussion boards _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Blocking Google Talk, (continued)
- Re: Blocking Google Talk Phil Trainor (Jun 20)
- Re: Blocking Google Talk Frank Knobbe (Jun 19)
- Re: Blocking Google Talk Paul D. Robertson (Jun 19)
- Re: Blocking Google Talk Frank Knobbe (Jun 19)
- Re: Blocking Google Talk R. DuFresne (Jun 20)
- Re: Blocking Google Talk Devdas Bhagat (Jun 20)
- Re: Blocking Google Talk Frank Knobbe (Jun 20)
- Re: Blocking Google Talk Dale W. Carder (Jun 21)
- Re: Blocking Google Talk Oliver Humpage (Jun 21)
- Re: Blocking Google Talk James (Jun 27)
- Re: Blocking Google Talk Paul D. Robertson (Jun 27)
- Re: Blocking Google Talk Frank Knobbe (Jun 19)
- Re: Blocking Google Talk Devdas Bhagat (Jun 21)
- Re: Blocking Google Talk Jon Czerwinski (Jun 21)
- Re: Blocking Google Talk Jim Seymour (Jun 21)