Slashdot Mirror
Has Corporate Info Security Gotten Out of Hand?
KoshClassic asks: "What is the right balance between security and productivity, in the corporate IT environment? Looking back at my company, 10 years ago, our machines were connected directly to the Internet, no proxy, no firewall, no antivirus software. Today, my company's proxy server blocks access to: 'bad' web sites (such as Google Groups; our 'antivirus' software prevents our machines (even machines that host production applications) from carrying out legitimate functions, such as the sending of email via SMTP; and individual employees are forced to apply security patches with little or no notice, under threat of their machines loosing network access, if they do not comply by the deadline. On one hand, you can never be too secure, however on the other hand, have we become so secure that we're stifling our own ability to get things done? What is the situation like at other companies?"
The issue is draconian policies like arbitrary blocking of sites like Google Groups.
How can blocking Google Groups be seen as draconian. They have no place in a responsible workplace. They are only filled with warez requests, AOL Me Toos, kiddie porn and hentai anyway. For example as part of my job monitoring proxy logs I have reported a few people for browsing incest stories on groups before we just blocked it outright.
Windows workstations are designed to be insecure and as a result they need "draconian" protection put in place to ensure things don't get out of hand. Windows is prone to viruses, spyware and hijacking into zombie networks, not only through email infestation but through people browsing to undesirable sites.
To protect your company it is very important to block these questionable sites to stop even one person inside the firewall catching something then spreading it to the rest of the net.
Why is SMTP blocked outgoing on most machines (or why *should* it be blocked? Because it's only use is to automatically spread viruses.
To the OP, put SNORT onto your network and look at what crappy traffic is actually flowing. For example at home I get close to 900 sober worm attempts per day on my ADSL connection from people at the same ISP.
Orationem pulchram non habens, scribo ista linea in lingua Latina
I think overall mankind's productivity has increased thanks to the technology. I can't say if the IT world would be more convenient if 95% of us were using Linux.
...]"
I believe that CAD, CAM, robots, genetic engineering of crops, and assembly lines has much more to do with it. Well, I guess all of those things are technology. I love Linux. It has more creature features than "real" unix OSes. FreeBSD 4.9s 'ls' still does "ls -ke
ls: illegal option -- e
usage: ls [-ABCFGHLPRTWabcdfghiklnoqrstu1] [file
Thanks for reciting the alphabet for me, it only took 4 tries to find an illegal flag.
As car thefts become a norm, we must lock our cars, when that's not enough, we need to put on the steering lock, alarm, then immobalizer, and now the security datadot. However, I think overall we do benefit from the introduction of vehicles.
Its much easier to drive a car nobody wants to steal an leave the key in the ignition. I did it for years.
If corporate security is anything like the government security that I'm familiar with, its all a joke.
Password rules and changes are a joke. I never even use funky characters or upper case. If I can't type my password with one hand, its too much. I have had probably thousands of brute force ssh attacks with many users that I have no password rules on, and never had a breakin. Breakins happen primarily from buffer overflows (I have not had one, yet).
I work at a government research facility and the security is a joke. They relaxed the RFID locks on the doors so that you do not have to scan out. I believe its more suspicious to not be able to get out of a building than in. Especially if they have bags and junk on them. People politely open the door for people. Windows boxes still get owned. All the same crap.
I thought about this today. People are scared and lock their doors at home (I don't) and their car doors, but they are too stupid to buy a gun to defend themselves, their family, and their property.
They practically walk naked down the street, but armor up in their car. A guy I work with just got a new car, and I said that I wanted to steal it, and he said I couldn't because of all of the alarms and whatever gizmos were installed. I said that I could clock him and be off in 20 seconds. He didn't want to try me on that.
If you look on the net, its almost scary what you can buy. Cell phone records, boat purchases, aircraft purchases, address lookups, real estate purchases, basically anything. When I saw the boats and aircraft, I thought about trying to pick their pockets for something. Any ideas?
That's not a problem with technology. That's a problem with a legal system that's feeble against protecting free speech and free expression.
So what if you're looking at hardcore pornography at work? It's of no concern to any coworker of yours who might happen to notice while he or she is walking. Of course, your manager may get angry at you for wasting company time. But nothing about the act of you looking at midgets sucking on horse cock, for instance, is truly harmful to anyone.
Cyric Zndovzny at your service.
Why not? Production machines need to be able to mail their owners about problems. Desktops need to be able to send mail. Both might just not be Windoze machines able to talk to your crappy, virused out Exchange "server".
Not accepting SMTP requests from desktops is just another workaround to M$'s really shitty security that won't work. The virus writers will figure out how to use the exchange server through 2k worth of API calls before the ability comes to either of the uses you deride.
I'm willing to bet they think it's [applying "security patches" that break everything else] important...no one lets themselves in for a shitstorm voluntarily just 'cos it's, you know, second Tuesday of the month.
Can you imagine that mindlessly applying "patches" that never seem to really improve security but manage to make machines stop working is a bad idea? What's important to you should be that people and machines do what they are supposed to.
I'm lucky so far -- it's a small company, people are well-behaved, and I don't have to implement the policies you describe.
It's not the users. Think about it and tell me why you have never heard of such problems in places that use Macs. Don't tell me that it's because graphic designers are better behaved or know more about computers than the rest of us. Well, they do know better than to use computers that need and Administrator like you.
Friends don't help friends install M$ junk.