[LINK] Security vendors advocating workplace net bans
Thu, 21 Mar 2002 10:15:18 +1000
Robert, agree violently! Another thought occurred to me as I read your
message: I sit here with a PC and a (crappy Cisco) IP phone sharing the same
connection ... so in the corporate spook view of the world, the (cC) IP
phone can connect to the Internet without restriction, but I should go to a
special terminal to read a Website?
And I'll make a prediction here: the sorts of people trying to sell
control-freakisms to tech-ignorant bosses will, within a year, be pitching
the need to snoop on IP telephony, to ensure that I'm not using my (cC) IP
phone to expose company secrets.
<Regrettably, the ignorant Reuters piece was run, unedited, on ZDnet.au
yesterday. Doesn't ZDnet have any lurkers?>
('scuse my creeping obsession about cC IP phones, but I'm so damn sick of
this phone system. Give me a competent operator and a manual switchbard,
gotta be better than echos, bad audio, lost calls, waiting several seconds
on pickup before the server actually connects me, etc. Cisco is just the
Microsoft of infrastructure.)
> -----Original Message-----
> From: firstname.lastname@example.org [mailto:email@example.com]
> Sent: Thursday, 21 March 2002 09:02
> To: Richard.Chirgwin@informa.com.au
> Cc: firstname.lastname@example.org
> Subject: Re: [LINK] Security vendors advocating workplace net bans
> On 20 Mar, Chirgwin, Richard wrote:
> > et_security_dc_1&cid=582
> > The workplace Internet is a far more complex creature than
> is given out by
> > this story. I certainly hope the local press don't suck
> this sort of stuff
> > down without giving it some critical thought.
> Unfortunately, critical thought (or more usefully analysis)
> appears all
> too frequently to be in short supply in most places.
> Attempting to solve issues that are fundamentally social
> using a purely
> technical solution is as sensible as pissing into the wind.
> Having worked with companies on 3 continents, I am no longer surprised
> when people advocate technological solutions to social issues (and
> almost every complex issue is a social issue - purely
> technical problems
> are rare).
> * Site security is a social issue far more than a technical issue.
> Unless an organisation's security policy has at minimum the grudging
> understanding of staff, they WILL bypass it - and about 80% of all
> security compromises are from internal sources, Nimda, Code
> Red, Lion
> et al not withstanding (something this article does hint at).
> Whilst it is certainly possible to have a mail server screen for
> certain types of attachment, IT savvy staff that want to bypass this
> will find ways to do so - and that solution will spread to all
> other stadd faster than a bushifire in a hot north wind.
> Unless staff are involved and 'own' the solution, the 'gradual
> adjustment' mentioned in the article will camoflage significant
> non-compliance. Apart from the loss of personal utility
> (like cutting
> off personal local calls), if staff are not consulted, it is quite
> probable that a legitimate business activity will be interrupted by
> simply implementing such a policy.
> Imposing solutions by fiat rarely works (or at least rarely works the
> way it was intended).
> Robert Hart email@example.com
> Strategic IT & open source consulting +61
> (0)438 385 533
> Brisbane, Australia http://www.interweft.com.au