Full Disclosure mailing list archives
RE: End users as security devices
From: "Daniel Sichel" <daniels () Ponderosatel com>
Date: Thu, 9 Jun 2005 10:18:23 -0700
Praise be to God for the User! They are powerful! They are trainable! They
are my BEST defense! There. I fell better now.
You are onto a good thing and make a good point. At my last job the organizatios CAO insisted that security not block ANYTHIHG any user wanted, IM, HTML mail, streaming audio, flash, even desktop SMTP servers (no, I am not making this up). He also wanted NO passwords (hard to remember, don't you know) but I talked him into at least requiring weak ones. What a mess, viruses everywhere, keystroke loggers, malware sucking up bandwidth and of course crash craah crash, why is my app runnning slow? Naturally this mess was MY fault, had nothing to do with the policy. Fast forward, I now work at a telephone company, discplined work practices are ingrained and a MUST. Management believes in security and allows my boss, the IS manager to set policies that everyone up to, and including the owner, religously adheres to. My boss is dedicated to providing full end user functionality but doing it securely. Result, our machines hum, we are NEVER down, there is no spam and I can barely remember the last virus I saw. This all works ONLY because end users know and RESPECT the rules and actively support keeping our WAN secure. Don't lose faith, don't give up, keep explaining, and training. You CAN make end users proactive participants in enterprise security. Just remember, there will always be a few intellectually challenged folks who need a bit of extra mentoring. Try to be patient, and NO, you can't put handicap placards on computers used by those with IQs below 90, sorry. Dan Sichel Network Engineer Ponderosa Telephone daniels () ponderosatel com (559) 868-6367 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- RE: End users as security devices Daniel Sichel (Jun 09)
- Re: RE: End users as security devices Ron DuFresne (Jun 13)
- Re: RE: End users as security devices Valdis . Kletnieks (Jun 13)
- Re: RE: End users as security devices Ron DuFresne (Jun 13)