Slashdot Mirror
Has Corporate Info Security Gotten Out of Hand?
KoshClassic asks: "What is the right balance between security and productivity, in the corporate IT environment? Looking back at my company, 10 years ago, our machines were connected directly to the Internet, no proxy, no firewall, no antivirus software. Today, my company's proxy server blocks access to: 'bad' web sites (such as Google Groups; our 'antivirus' software prevents our machines (even machines that host production applications) from carrying out legitimate functions, such as the sending of email via SMTP; and individual employees are forced to apply security patches with little or no notice, under threat of their machines loosing network access, if they do not comply by the deadline. On one hand, you can never be too secure, however on the other hand, have we become so secure that we're stifling our own ability to get things done? What is the situation like at other companies?"
Software insecurity has gotten out of hand, and this is roughly what corporations must do in order to keep from getting pwnt too often.
In The Ghetto XXXI (Special Guest Star: Grandma Lockwood)
A burning wet fart scalded Vlad's colon and rectum as he twitched awake. Vlad laid in bed, shaking at the horrible images that had danced through his sleeping mind. Sweat streamed from his forehead, trickled through his greasy scalp and soaked his pillow. This had been the worst nightmare yet. Vlad had dreamt that he was married to a 400-pound bag of soul-sucking gelatin. Living in a double-wide trailer filled with Jerry Springer moments, his only joy was his two sexy sons.
Vlad slipped out of bed and tip-toed into the next room. There, Grandma slept peacefully, snoring and farting in her usual comforting way. Vlad slipped under the covers with her and immediately felt his sense of security return. Grandma always made everything better. A loud, low rumble escaped from her buttocks. Vlad pulled himself lower down the length of the bed so that his nose rested against Grandma's ass. He inhaled deeply as the gas wafted around him and put him back to sleep. Vlad savored every moment, even in his sleep, for he knew tomorrow the other kids in his class would remind him of his countless inadequacies.
* * * * * * * * *
Vlad belched forcefully, sending chunks of hamburger helper spewing out into the living-room. The orange plastic of the couch stuck to his fat pale legs and his stained briefs bathed him in a rich sampling of unique Lockwood odors. At the opposite end of the couch, Reza sat in her usual spot. The cushion was practically non-existent, compressed as it was from her unimaginable mass.
"Oh Vladdie-Pop, I'm so glad Grandma has come to stay with us since little Vaginez came along! It is so nice to have some help around the house!"
"Yo, you fat cunt, I'm trying to watch the new Eminem video. One more word outta you, and your fat ass'll be laid out on the fuckin' floor for the next month."
Reza quivered at the thought of another merciless beating by her dear Vladdie-Pop. The last time he had "corrected" her, she had spent 22 hours huddled in the shower, weeping as the scalding water pelted her rubbery body. She had lost a whopping 1/2 pound that day. She spent the entire next day eating, fearful of her body wasting away to further displease her beloved.
Reza's ruminations were interrupted by a terrible screeching from Marticock's Chamber. Vlad's fleshy head reddened with rage. He just wanted to watch television. Why did everything always have to work against him? He turned to Reza, with a terrifying scowl on his face. Reza felt a pang of terror shoot through her massive gut and she frantically dislodged herself from the indentation in the couch.
Reza thudded across the double-wide's paper-thin floors, "Grandma! Grandma!"
Grandma Lockwood was sitting on the toilet relieving herself of the Metamucil she had consumed for breakfast, "don't worry, dear, I'll take little Marticock out for a nice walk and he'll be fine!"
"Oh Grandma," Reza blubbered.
Grandma Lockwood soaked a rag in some Clorox and cleaned her rump of the liquified feces that had spattered up from the toilet. She applied a thick coat of Johnson's Baby Powder and then pulled up her stockings. She flushed the toilet, which immediately backed up and spilled out over the floor.
"Reza, honey, you wanna clean up my shit while I take little Marticock for a nice walk?"
Reza was only happy to clean up in the bathroom. It would give her a purpose, a valid reason to be away from Vlad. Though she could never admit such a thing to herself, at a subconscious level she would do anything to avoid being with her Precious Love.
Grandma Lockwood prepared the grocery cart by throwing some used Taco Bell napkins in the bottom to make a nice nest for Marticock. She then lifted Marticock from his crib, careful not to agitate his pummelled rear, and placed him comfortably in the nest. She wrapped herself in her Eminem shawl - a Christmas gift from her grandson - and pushed Marticock out the door.
With Reza scrubbing fur
The issue is draconian policies like arbitrary blocking of sites like Google Groups.
How can blocking Google Groups be seen as draconian. They have no place in a responsible workplace. They are only filled with warez requests, AOL Me Toos, kiddie porn and hentai anyway. For example as part of my job monitoring proxy logs I have reported a few people for browsing incest stories on groups before we just blocked it outright.
Windows workstations are designed to be insecure and as a result they need "draconian" protection put in place to ensure things don't get out of hand. Windows is prone to viruses, spyware and hijacking into zombie networks, not only through email infestation but through people browsing to undesirable sites.
To protect your company it is very important to block these questionable sites to stop even one person inside the firewall catching something then spreading it to the rest of the net.
Why is SMTP blocked outgoing on most machines (or why *should* it be blocked? Because it's only use is to automatically spread viruses.
To the OP, put SNORT onto your network and look at what crappy traffic is actually flowing. For example at home I get close to 900 sober worm attempts per day on my ADSL connection from people at the same ISP.
Orationem pulchram non habens, scribo ista linea in lingua Latina
I think overall mankind's productivity has increased thanks to the technology. I can't say if the IT world would be more convenient if 95% of us were using Linux.
...]"
I believe that CAD, CAM, robots, genetic engineering of crops, and assembly lines has much more to do with it. Well, I guess all of those things are technology. I love Linux. It has more creature features than "real" unix OSes. FreeBSD 4.9s 'ls' still does "ls -ke
ls: illegal option -- e
usage: ls [-ABCFGHLPRTWabcdfghiklnoqrstu1] [file
Thanks for reciting the alphabet for me, it only took 4 tries to find an illegal flag.
As car thefts become a norm, we must lock our cars, when that's not enough, we need to put on the steering lock, alarm, then immobalizer, and now the security datadot. However, I think overall we do benefit from the introduction of vehicles.
Its much easier to drive a car nobody wants to steal an leave the key in the ignition. I did it for years.
If corporate security is anything like the government security that I'm familiar with, its all a joke.
Password rules and changes are a joke. I never even use funky characters or upper case. If I can't type my password with one hand, its too much. I have had probably thousands of brute force ssh attacks with many users that I have no password rules on, and never had a breakin. Breakins happen primarily from buffer overflows (I have not had one, yet).
I work at a government research facility and the security is a joke. They relaxed the RFID locks on the doors so that you do not have to scan out. I believe its more suspicious to not be able to get out of a building than in. Especially if they have bags and junk on them. People politely open the door for people. Windows boxes still get owned. All the same crap.
I thought about this today. People are scared and lock their doors at home (I don't) and their car doors, but they are too stupid to buy a gun to defend themselves, their family, and their property.
They practically walk naked down the street, but armor up in their car. A guy I work with just got a new car, and I said that I wanted to steal it, and he said I couldn't because of all of the alarms and whatever gizmos were installed. I said that I could clock him and be off in 20 seconds. He didn't want to try me on that.
If you look on the net, its almost scary what you can buy. Cell phone records, boat purchases, aircraft purchases, address lookups, real estate purchases, basically anything. When I saw the boats and aircraft, I thought about trying to pick their pockets for something. Any ideas?
That's not a problem with technology. That's a problem with a legal system that's feeble against protecting free speech and free expression.
So what if you're looking at hardcore pornography at work? It's of no concern to any coworker of yours who might happen to notice while he or she is walking. Of course, your manager may get angry at you for wasting company time. But nothing about the act of you looking at midgets sucking on horse cock, for instance, is truly harmful to anyone.
Cyric Zndovzny at your service.
Nope, I'm not a PHB and I'm certainly not like you suggest you are - a PFY.
I've been an IT professional since '78 and recently (last 10 years) I've seen way too many bad things happen with all the crud out there. As I said SNORT your network's ingress point to really see what's hapening out there. Then take a quick glance at your network's proxy logs to see some of the sicko sites some people visit during work hours.
In your case, if 90% of your solutions come from groups then you really should invest in some Cisco and Microsoft certification to teach you how to administer properly.
Relying on groups to keep your network operational indicates you should not be in that position.
Orationem pulchram non habens, scribo ista linea in lingua Latina
Heaven forbid a teen sees a pair of breasts, or even penile-vaginal penetration!
Spyware can be rendered useless through the use of Linux or *BSD-based systems. Besides, the students who use such a network will learn new skills, and be exposed to superior software. That's what computer education should be all about; exposing the youth of today the technologies that they probably won't find at home.
Cyric Zndovzny at your service.
Why not? Production machines need to be able to mail their owners about problems. Desktops need to be able to send mail. Both might just not be Windoze machines able to talk to your crappy, virused out Exchange "server".
Not accepting SMTP requests from desktops is just another workaround to M$'s really shitty security that won't work. The virus writers will figure out how to use the exchange server through 2k worth of API calls before the ability comes to either of the uses you deride.
I'm willing to bet they think it's [applying "security patches" that break everything else] important...no one lets themselves in for a shitstorm voluntarily just 'cos it's, you know, second Tuesday of the month.
Can you imagine that mindlessly applying "patches" that never seem to really improve security but manage to make machines stop working is a bad idea? What's important to you should be that people and machines do what they are supposed to.
I'm lucky so far -- it's a small company, people are well-behaved, and I don't have to implement the policies you describe.
It's not the users. Think about it and tell me why you have never heard of such problems in places that use Macs. Don't tell me that it's because graphic designers are better behaved or know more about computers than the rest of us. Well, they do know better than to use computers that need and Administrator like you.
Friends don't help friends install M$ junk.