Slashdot Mirror

← Back to Stories (view on slashdot.org)

Has Corporate Info Security Gotten Out of Hand?

Posted by Cliff on from the proper-security-is-like-walking-on-monowire dept.

KoshClassic asks: "What is the right balance between security and productivity, in the corporate IT environment? Looking back at my company, 10 years ago, our machines were connected directly to the Internet, no proxy, no firewall, no antivirus software. Today, my company's proxy server blocks access to: 'bad' web sites (such as Google Groups; our 'antivirus' software prevents our machines (even machines that host production applications) from carrying out legitimate functions, such as the sending of email via SMTP; and individual employees are forced to apply security patches with little or no notice, under threat of their machines loosing network access, if they do not comply by the deadline. On one hand, you can never be too secure, however on the other hand, have we become so secure that we're stifling our own ability to get things done? What is the situation like at other companies?"

1 of 466 comments (clear)

  1. Re:Technology by hackstraw · · Score: 1, Troll

    I think overall mankind's productivity has increased thanks to the technology. I can't say if the IT world would be more convenient if 95% of us were using Linux.

    I believe that CAD, CAM, robots, genetic engineering of crops, and assembly lines has much more to do with it. Well, I guess all of those things are technology. I love Linux. It has more creature features than "real" unix OSes. FreeBSD 4.9s 'ls' still does "ls -ke
    ls: illegal option -- e
    usage: ls [-ABCFGHLPRTWabcdfghiklnoqrstu1] [file ...]"

    Thanks for reciting the alphabet for me, it only took 4 tries to find an illegal flag.

    As car thefts become a norm, we must lock our cars, when that's not enough, we need to put on the steering lock, alarm, then immobalizer, and now the security datadot. However, I think overall we do benefit from the introduction of vehicles.

    Its much easier to drive a car nobody wants to steal an leave the key in the ignition. I did it for years.

    If corporate security is anything like the government security that I'm familiar with, its all a joke.

    Password rules and changes are a joke. I never even use funky characters or upper case. If I can't type my password with one hand, its too much. I have had probably thousands of brute force ssh attacks with many users that I have no password rules on, and never had a breakin. Breakins happen primarily from buffer overflows (I have not had one, yet).

    I work at a government research facility and the security is a joke. They relaxed the RFID locks on the doors so that you do not have to scan out. I believe its more suspicious to not be able to get out of a building than in. Especially if they have bags and junk on them. People politely open the door for people. Windows boxes still get owned. All the same crap.

    I thought about this today. People are scared and lock their doors at home (I don't) and their car doors, but they are too stupid to buy a gun to defend themselves, their family, and their property.

    They practically walk naked down the street, but armor up in their car. A guy I work with just got a new car, and I said that I wanted to steal it, and he said I couldn't because of all of the alarms and whatever gizmos were installed. I said that I could clock him and be off in 20 seconds. He didn't want to try me on that.

    If you look on the net, its almost scary what you can buy. Cell phone records, boat purchases, aircraft purchases, address lookups, real estate purchases, basically anything. When I saw the boats and aircraft, I thought about trying to pick their pockets for something. Any ideas?