This is what I mean by unreasonable entitled douchebags. You prove my point.
What is so wrong about protecting the network from data leakage, AND GIVING YOU UNGRATEFUL BASTARDS A WHOLLY SEPARATE INTERNET CONNECTION TO CONDUCT YOUR PERSONAL AFFAIRS ON YOUR OWN DEVICES ?
It's amazing that my simple request to not do it in a web browser on the same company equipment that has access to customer data is seen as proof of my unholy alliance with corporate america and Satan.
The whole deal about how you don't have to worry about your data plans on your smartphones and tablets and connect up to a separate wireless network for all your Facebook, Pandora, Spotify needs was only created by instructions from the Dark Lord.
I sacrificed a small child one night, and me and The Unclean One came up with that little ditty.
Although, it was my idea to place several APs throughout the building and in the break areas to improve reception, and increase the bandwidth on the guest wireless so they could be better able to watch their TV shows at lunch in the break room.
The 'incapability' part is a nifty customer service trick they use in order to avoid debate with their members. USAA routinely faxes me, a third party, both billing statements and insurance declarations pages when requested by the member.
Are you already authorized to conduct business with USAA? If you are a vendor or agency it would not surprise me if they are authorized to fax you stuff.
For some reason faxes are considered inherently more secure. Complete rubbish, but it is information still spread out there as fact.
Alcohol and pot are like dish soap and concentrated dish soap. They can both get you clean, but the concentrated stuff works faster and more efficiently.
That's the problem with pot. No middle ground. A couple of tokes and you are in the kitchen shoving everything into the microwave and staring at in awe for the next few minutes as the Giver of Life itself. At least with beer you can nurse a few for an hour and still remain reasonably intelligent.
I'm sure that just about anybody there would have sounded like a Nobel prize candidate after a case of beer. Of course you are from Canada, so it might take a lot more beer.
P.S - That's the real reason why pot is illegal. It's cheap, effective, concentrated stupid... and that's not good for Capitalism.
I don't do social networking of any kind. Slacker is on quite a bit, but is on my Verizon Wireless 4G connection, which is a separate device.
I sometimes take care of personal communications (txt messaging, emails, phone calls) while at work, but never on company equipment. Once again, separate device.
That was one of the questions I got when I told an executive not to connect his phone to the corporate network. He looked at me and said, "But yours is right?". Nope, showed him the wireless connection where I was connected to the guest wireless.
If I am taking a break, then yes, I might be on.... Slashdot for instance.
Keep in mind, I am not opposed to breaks. Just unreasonable breaks on company equipment. Spending over an hour per day (in addition to regular breaks) on your personal life and social network is not acceptable and I just don't see how it can be rationalized.
(i) Making sure that customer data does not leak out as a result of personal affairs being conducted by employees?
(ii) Unreasonable amounts of hours wasted each week on social-networking that are far above and beyond whatever could be considered reasonable for breaks to increase productivity and company morale?
Sorry, but I work my ass off. While it is not my job to make sure you do yours, it does piss me off to no end when somebody spends the majority of their day screwing off on Facebook/Twitter/Whatever.
I don't like it when I walk around and see that happening.
There is a balance. 80+ minutes a day of social networking while you are supposed to be working is not a balance. It's not even healthy. Get up and walk around for a minute or two.
I'm not opposed to taking breaks every once in awhile, but lately I have been running into people that... well... act like addicts.
I watch them. It's more like 25 minutes out of every 60 since they are literally switching to Facebook and Twitter every minute to see if something has changed.
Like rodents constantly hitting the pedal to get a treat or something.
It may be some form of cognitive dissonance that allows them to see wasting that much time communicating with their friends as acceptable, when voice communication at the level would not be.
Workplace climates are already going downhill faster and faster.
Please don't get me wrong, I am not supporting asshole companies sucking the life out of employees by paying them less and less, expecting more and more sacrifices, all while siphoning the money away for rich, useless, fucking wastes of space that are the upper executives in most very large companies. Boy have I known some.....
You should be able to have a balanced life and not need to conduct personal affairs at work.
As the CTO, I need to balance so many things. In this instance all I am trying to balance is security versus usability. I need to take very strong measures to prevent data leakage and be aware of it at least after the fact.
That's why I offer paths of least resistance. It's about the wisest thing I do, or at least I think I do. Personally, I don't care what you do at your desk. It's your responsibility to get your tasks done in the time allotted. All I want is for you to not destroy the company while you goof off, and sometimes goofing off for a minute or two can increase productivity and morale (my opinion). In any case, not my job to be the warden.
Normal people lack the sophistication to truly understand, and avoid, the dangers in the world we live in as far as technology is concerned. Hence, the path of least resistance. I make them use their own devices and prevent them from being able to connect to company equipment. Super glue in the USB socket is very effective, but so is disabling it in the OS, which allows them to still use it to charge stuff.
As far as spare time and unpaid work (there should never be such a thing), that is unfortunately not possible with some industries. I simply cannot allow regular employees to take work home, or have unfettered remote access. Some executives have it, because it is not possible to deny them, but it is very vulnerable. I have already had to chastise somebody for using company equipment for porn. Thankfully, I had support from higher up.
I have to be this vigilant. Failure on my part can mean tens of thousands of customers (possibly much higher) hurt because of loss of data. Worse, if it is private and sensitive medical records. I would hope that the CTO of any other company was protecting my data just as well.
I can't speak for Gellenburg, but you should not be sending emails in the first place.
Email is:
1) Freaking horrible for data transfer. It was quite simply not designed for it. Everything has to be base64 encoded (blows up file size) and jammed into the message itself. It should be a file manifest and separate connections made once the message is approved for delivery/routing, but alas, email is very old.
2) Not designed for security in the first place. Far too open by default in that you can send to anyone.
3) No authentication is really possible of the recipient.
4) No reliable standards for delivery and presentation.
It is much better to bring the customer to you via a secured web portal. USAA is a good example. They refused, and were not even capable, of emailing me or faxing me anything sensitive. If I needed something it was provided as a downloadable document that I could retrieve on demand.
It is the job of IT to block your ability to send sensitive information via email, but it is also their job to provide you with tools to do yours. Your concern about a time crunch should have been a non-issue.
You can leak a ton of data simply by passing it in the POST. Nothing stops you from base64 encoding it either so simple regex matching would be defeated. It could be encrypted as well. With some of the development tools now present in browsers you can even write your own live javascript code (Firebug) that would allow you to make your own AJAX calls passing whatever you wanted.
If you have to be that sensitive and proactive about data leakage you really can't use anything less than a whitelist for access. A web browser can be a powerful tool to leak data in the right hands.
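Added example (not part of the original comment): a small Python model of the point made above, comparing regex content matching on an outbound POST body with a destination allowlist. The record, the pattern, and every hostname below are constructed for illustration.

```python
import base64
import binascii
import re

# Constructed sample data: a fake customer record and two POST bodies carrying it.
RECORD = b"name=Jane Doe&ssn=123-45-6789"
PLAIN_BODY = RECORD
B64_BODY = b"blob=" + base64.b64encode(RECORD)

# Pattern a content filter might look for (SSN-style layout, chosen as an assumption).
SSN_RE = re.compile(rb"\b\d{3}-\d{2}-\d{4}\b")
# Runs that look like base64 and are long enough to be worth decoding.
B64_TOKEN_RE = re.compile(rb"[A-Za-z0-9+/]{16,}={0,2}")

# Hypothetical allowlist: exact hosts plus one internal suffix (note the leading dot).
ALLOWED_HOSTS = {"crm.example.test", "portal.example.test"}
ALLOWED_SUFFIXES = (".corp.example.test",)


def regex_filter_flags(body: bytes) -> bool:
    """Plain regex matching on the raw request body."""
    return SSN_RE.search(body) is not None


def decode_aware_filter_flags(body: bytes) -> bool:
    """Regex matching that also decodes base64-looking tokens once.

    This catches simple encoding, but an encrypted body (as the comment
    notes) contains nothing a pattern can match, decoded or not.
    """
    if regex_filter_flags(body):
        return True
    for token in B64_TOKEN_RE.findall(body):
        try:
            decoded = base64.b64decode(token, validate=True)
        except (binascii.Error, ValueError):
            continue  # not valid base64 after all
        if regex_filter_flags(decoded):
            return True
    return False


def normalize_host(host: str) -> str:
    """Lower-case, drop a trailing dot and a :port suffix."""
    host = host.strip().lower()
    if host.startswith("["):  # bracketed IPv6 literal: never allowlisted here
        return host
    if ":" in host:
        host = host.rsplit(":", 1)[0]
    return host.rstrip(".")


def allowlist_permits(host: str) -> bool:
    """Default deny: only exact hosts or hosts under an allowed suffix pass."""
    h = normalize_host(host)
    if h in ALLOWED_HOSTS:
        return True
    return any(h.endswith(suffix) for suffix in ALLOWED_SUFFIXES)


def proxy_decision(host: str, body: bytes) -> str:
    """Destination check first; content inspection is only a second layer."""
    if not allowlist_permits(host):
        return "deny:destination"
    if decode_aware_filter_flags(body):
        return "deny:content"
    return "allow"


if __name__ == "__main__":
    print("regex on plain body: ", regex_filter_flags(PLAIN_BODY))
    print("regex on base64 body:", regex_filter_flags(B64_BODY))
    print("decode-aware on b64: ", decode_aware_filter_flags(B64_BODY))
    print("unknown destination: ", proxy_decision("paste.example.net", B64_BODY))
    print("allowed destination: ", proxy_decision("crm.example.test:443", b"q=status"))
```

The destination decision does not depend on what the body looks like, which is why the allowlist still holds when the content is encoded or encrypted.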
No... it is entirely reasonable not to do anything personal on the company's network.
Just because the Internet made it easier to do online banking, does not mean you can do it on company time and resources. People used to take time to handle their personal affairs, and it was not even possible to do so at work. A change in technology does not make it more ethical to abuse company time and resources.
Security is also a concern as well.
I also have a proxy running at every branch office and very strict enforcement of company policies. Using company resources for personal reasons is grounds for dismissal. No Facebook, No Twitter, No Banking, No Pandora, No anything. The proxy has a whitelist, and if it is required to access something not on the whitelist, a request is made to a supervisor and it goes up the chain.
While I am very strict, and record all access to customer data, block USB ports, etc., I do allow employees to connect their phones and tablets to a separate wireless network. This allows them to still have their crack-addict fix for Facebook, and to isolate themselves with Pandora/Slacker.
Nobody deserves to have the Internet at their fingertips, provided by the company, as some sort of fundamental human right. Even if it were so, nothing says that it should not be separate and kept away from company equipment.
Security Overkill? Ask somebody who had their private medical data, or financial data, or whatever let loose in the wild and see if they really wanted our employees to run freakin wild with the new naive and idealistic BYOD utopian fantasy.
If you think about it.... why does it have to be company equipment and company networks? Just about everybody has a smartphone or tablet on them now with access to their own bandwidth that they pay for. It does not have to be the private corporate network as if that was the only solution available.
"Reasonable". Really. What I find curious is the incredible sense of entitlement that some employees have about 24/7/365 Internet access and how any kind of impediment to its use is akin to genocide. Never mind the fact that they are being paid to work and not being paid to spend 10 minutes out of every hour checking Facebook and Twitter.
You wonder where the work ethic has gone in this country.
Before I get accused of being some sort of security fascist, remember that I am providing a completely separate connection for their personal devices and only ask that they restrict all personal needs to said devices.
I don't think we are going to start giving antibiotics to prairie dogs.
Only because they are apparently not that tasty. If they were in a sandwich from McDonald's you would see farms of them with antibiotics in their food.
The dynamic IP is not a problem. Most routers these days have DDNS support and DynDns will allow you to specify amazingly small TTL's. I use it quite a bit for business since it is cheap (~$20/year) and a static IP change (some ISPs are retarded bastards that don't even tell you) does not have me rushing around changing VPN policies everywhere. Not to mention it makes it easier to configure a lot of services, such as security cameras, etc.
The whole reason for the TOS though is that upstream bandwidth, and bandwidth that needs to be paid for due to peering/transit, is expensive to the ISP. Not much more complex of a reason.
So if you really are running a hobbyist website that is using very little bandwidth I sincerely doubt the ISP will even notice or care. They are far more pissed off when you are seeding a 50GB BluRay release to a couple dozen people at once maxing out your bandwidth over a 24 hour period.
Small little webserver hits are a welcome relief to the ISP when you consider that.
It would seem you still can. If you can decrypt something that means there is a method to do so. You pass the message and one-time pad into this "function" and receive output.
I know that whole million monkeys can make Shakespeare deal, but do you really think that there are going to be a large number of outputs that are intelligible communication? Or even match a dataset that can be decoded by various encoders representing audio/video formats?
Of course, doing so may not be currently possible in a viable time period (less than your lifetime), but to say it is truly unbreakable is a very bold statement.
It seems to me that all cryptanalysis basically boils down to:
(i) Vulnerabilities in implementation and algorithms. Kind of like how you can get the summation of a number with a simple equation instead of doing all the work.
(ii) Brute Force - Testing the outputs for all possible inputs.
IMHO, the fallacy in the claim of unbreakable one-time pad encryption is the reliance that all computed plain-texts for the key space are equally possible to be the correct plain-text for the cipher text.
Imagine you are a being that exists beyond time and space and can experience all possibilities at the same time. I would think that all possible computed plain-texts would mostly look like a huge pile of crap, but an exceedingly few amount are going to look like something you recognize, and then one of them will look like an Apple.
Once again, that does not mean one-time pads are not very secure. They are very secure, just not truly unbreakable.
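Added example (not part of the original comment): a Python sketch of what exhaustive key search over a one-time pad produces, for readers who want to run the experiment the comment describes. The messages and the two-byte ciphertext are constructed; the pad is XOR-based and used once.

```python
import secrets
from collections import Counter
from itertools import product


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("one-time pad requires pad length == message length")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(plaintext: bytes, pad: bytes) -> bytes:
    return xor_bytes(plaintext, pad)


def otp_decrypt(ciphertext: bytes, pad: bytes) -> bytes:
    return xor_bytes(ciphertext, pad)


def pad_explaining(ciphertext: bytes, candidate: bytes) -> bytes:
    """Return the pad under which `ciphertext` decrypts to `candidate`.

    Such a pad exists for every candidate of the same length.
    """
    return xor_bytes(ciphertext, candidate)


def exhaustive_plaintexts(ciphertext: bytes) -> Counter:
    """Try every possible pad and count how often each plaintext appears.

    Only practical for very short ciphertexts (256**n pads).
    """
    counts = Counter()
    for pad in product(range(256), repeat=len(ciphertext)):
        counts[otp_decrypt(ciphertext, bytes(pad))] += 1
    return counts


if __name__ == "__main__":
    # Constructed messages of equal length (12 bytes each).
    real = b"WIRE 500 USD"
    other = b"LUNCH AT TWO"

    pad = secrets.token_bytes(len(real))
    ciphertext = otp_encrypt(real, pad)

    # The same ciphertext decrypts to a different readable message
    # under a different, equally valid pad.
    alt_pad = pad_explaining(ciphertext, other)
    print(otp_decrypt(ciphertext, pad))
    print(otp_decrypt(ciphertext, alt_pad))

    # Exhaustive search over a 2-byte ciphertext: every one of the
    # 65536 possible plaintexts appears exactly once.
    counts = exhaustive_plaintexts(b"\x13\x37")
    print(len(counts), set(counts.values()), counts[b"OK"], counts[b"NO"])
```

The search returns every same-length message exactly once, readable ones included, so the ciphertext alone gives no basis for ranking one readable candidate above another.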
1) Every company's data is that important.
No it's not.
Yes, it is. Any customer data is that important. For you to say that it is not is disrespectful to the customer, and clearly placing more value on your convenience than their privacy and security.
Unless you are telling me that you will condone a small amount of your personal details leaking as long as it facilitates an easier work environment for those employees? You willing to put up your financial data?
This is called a non-sequitur.
No, it is not. If you want to lower the state of corporate security just for the sake of convenience, then put up your data. What's good for the goose is good for the gander.
2) You're not seriously suggesting two workstations for each employee to allow them personal use on one of them?
Environments with high security and low security workstations at each desk are not uncommon.
They're extremely uncommon, nonsensical, and economically not viable. Now, my suggestion was non-sequitur and the fact you took it as serious is amazing.
Seriously, you have to be crazy if you are really suggesting that exists. Twice the usage of space on the desk, twice the cost, etc.
As for the employee... too fucking bad.
Precisely how I feel about the employer trying to slave drive his employees.
Who is slave driving?
All I am asking is that web browsing for personal affairs is not conducted on corporate equipment.
What next? I don't provide free catered food in the break room and I am a slave driver? I'm evil for not providing everything?
I don't know what else to say about that. Some employees work so hard they still need government assistance. I'm willing to bet though that if you are in a company that has networks and workstations, that your employees are not so freakin poor they can't afford a smartphone or tablet.
Then you need to get out more. There are, believe it or not, still people who deal with their money responsibly, and plenty of office workers who barely make enough to pay for food, rent, and ~10% savings on top of that.
More responsibly? That's a value judgement. You're saying that smartphones and tablets are irresponsible purchases, when more and more life is conducted on the Internet. I can see you a 100 years ago claiming that automobiles were irresponsible purchases.
I guess you just wanted to completely and totally ignore my suggestion of putting in a guest terminal in the breakroom? That would, you know, actually address and solve your problem. Employees on break could conduct the personal affairs they need to at no cost to themselves.
No, it's okay. You can keep ignoring that.
It is not a justification for hacking into people's HTTPS sessions, or otherwise covertly monitoring them. Those are solutions for invading people's privacy and fishing expeditions.
How many times do I need to say that I am not doing that!
You just want to be obstinate. Your demand to do whatever the hell you want on corporate equipment must trump absolutely every argument that I have, and screw the customer. Their shit is not important, not according to you.
The guest wireless network is not monitored. No privacy is invaded. No HTTPS sessions are "hacked". Nothing. Nada. Zippo. Do what you want.
You forgot one thing...
Installing MyCleanPC, and the subsequent ass-raping your PC will receive, is vastly more preferable than the mental-ass-raping you will receive by watching 2 girls 1 cup.
Thank you very much. I had almost forgotten about that travesty on the net. Thanks for freshening up those wounds for me.
Personally I like pot from the Ozarks myself, the rich soil gives it a nice peaty overtone with a lovely aroma, almost like being in a forest, quite lovely.
LOL.
Ok. Personally, I have never experienced this "mellow" pot that you speak of. Only the super strength stuff. Even just a small puff and I was ready to go Ocean's 11 on the Keebler Elf factory.
I get your overall point though and I have a strange desire to visit the Ozarks.
If your data security is that important, then utilise physically separate networks and workstations with an air gap.
1) Every company's data is that important. Unless you are telling me that you will condone a small amount of your personal details leaking as long as it facilitates an easier work environment for those employees? You willing to put up your financial data?
2) You're not seriously suggesting two workstations for each employee to allow them personal use on one of them?
Not every employer has a guest wireless. Not every employee has the means to use it.
Not my problem. I do provide it. It is not unreasonably expensive either. DD-WRT has guest network capability which can be used on commodity routers, and $250 dollars will get you a very decent enterprise-like Netgear dual band access point capable of all of it.
As for the employee... too fucking bad. I don't know what else to say about that. Some employees work so hard they still need government assistance. I'm willing to bet though that if you are in a company that has networks and workstations, that your employees are not so freakin poor they can't afford a smartphone or tablet.
If it was a real issue, and not some hypothetical you created to tear down the whole guest wireless access as a reasonable solution, you could put a guest terminal in the break room.
I do, however, see a lot of people trying to conflate "security" with "not letting employees do anything that isn't work related".
You can't be serious?
Non work related personal sites can absolutely be a vector for malware. Personal email, especially so. Just what part of multi-billion dollar malware business do you not understand? Large scale espionage from foreign countries?
Restricting usage to only work related destinations is a huge mitigating factor. All I have to rely on at that point is the other companies having enough security. At the end of the day, if they screw up... yes we are at risk.
We are at a lot less risk by preventing FB/Twitter/Gmail/Some-Random-Entertainment-Site-Or-Blog though.
This does not have to be company wide either. For instance does the Marketing department really need access to customer data? Maybe some execs, but not the guys making the artwork. Let them have less restricted access since they usually have their own machines anyways and will not be connecting it to the corporate network, but their own network in their own department.
I honestly cannot understand how you can say I am conflating anything. It either means you are deliberately ignoring the risks to further an agenda to allow more "freedom" for employees or you are honestly unaware of the dangers and should not be responsible for security.
I'm not snooping on you. It's amazing how hard you want to fight yourself getting what you wanted in the first place.
LOL.
Why? Because I protect the network and give you guest wireless access?
Did you even look at what you referenced? It was about MIT and basically boils down to negative reinforcement==bad.
What part of guest wireless access is *not* positive reinforcement?
I am probably a little biased against FB/Twitter.
It's meaningless fluff communication that is no different (or perhaps even less worthwhile) than nattering to a co-worker or family member.
An intimate embrace between two people it is not. More like a neurotic desire to reach out every 5 seconds and touch the person to make sure they are still there.
Once you start spending that much time per hour engaged in such activity, it becomes unhealthy and counter productive to life in general. Not just the job.
I honestly don't know if it is attributable to any one thing you mentioned, or really some sort of addiction. Curious to see a study on it.
Yeah... and well not everything is like Nam either.
I have every justification I need.
It is NOT snooping to secure the network against data leakage. You seem to forget that the corporate network is not there to facilitate their personal lives. It is there to service customers.
I already brought it up with a supervisor that all I saw somebody doing was playing around with their phone all day instead of working. They were fired. Not because I said so, but because that was really what they were doing and their work performance clearly showed it. I didn't mention it after one day either. I waited 4 months before I mentioned something in passing.
As far as snooping into your personal life, the guest wireless is not monitored so your concerns are baseless. All I have done is to separate it and monitor/restrict the bandwidth usage. That's it. I do maintain a log of bandwidth usage against physical addresses, but that is only to see if there are any single connections taking away too much bandwidth. I don't log where it is going.
It is not reasonable, nor is it part of finding a balance, to use corporate equipment on corporate networks in a way that can endanger the company.
Don't forget about the untold number of customers that depend on the company to protect their data either.
Figuring out if an employee is using their time wisely is not my job. I just get upset when I see somebody clearly abusing the company. Of course, corporate America abuses employees, but at some point the professionalism needs to start somewhere.
I do also work in a nice place, in part, because of nice people in charge. Like myself.
While the company equipment is heavily restricted, personal equipment is not. That also has a side effect that it makes it very easy to spot who is taking a break and who is not, and for how long. It's more transparent.
I walk into the break room and there are always 4 or 5 people with tablets/phones reading or watching TV. That is possible safely because of me and my push to upper management.
It's not about trust. I don't trust the employees. That would be stupid. Do you trust a 5 year old to be able to take care of themselves, fix dinner, go to bed at a reasonable hour?
It's about respect. I respect that they are there to do their jobs and have as pleasant an experience at work as we can all make it. My job is to enable their job, while protecting their ability to do their job.
They won't understand the risks about web browsing, or whether or not we really are a target for espionage and data theft. They don't need to. All they need to understand is that I think there is, and I provide them an alternative so their lives are a little easier and more pleasant.
LOL.
This is what I mean by unreasonable entitled douchebags. You prove my point.
What is so wrong about protecting the network from data leakage, AND GIVING YOU UNGRATEFUL BASTARDS A WHOLLY SEPARATE INTERNET CONNECTION TO CONDUCT YOUR PERSONAL AFFAIRS ON YOUR OWN DEVICES?
It's amazing that my simple request to not do it in a web browser on the same company equipment that has access to customer data is seen as proof of my unholy alliance with corporate America and Satan.
Oh yeah, huge turnover.
The whole deal about how you don't have to worry about your data plans on your smartphones and tablets and connect up to a separate wireless network for all your Facebook, Pandora, Spotify needs was only created by instructions from the Dark Lord.
I sacrificed a small child one night, and me and The Unclean One came up with that little ditty.
Although, it was my idea to place several APs throughout the building and in the break areas to improve reception, and increase the bandwidth on the guest wireless so they could be better able to watch their TV shows at lunch in the break room.
I'm such a dick.
Bwahahahahahhahahahhahhaha.
The 'incapability' part is a nifty customer service trick they use in order to avoid debate with their members. USAA routinely faxes me, a third party, both billing statements and insurance declarations pages when requested by the member.
Are you already authorized to conduct business with USAA? If you are a vendor or agency it would not surprise me if they are authorized to fax you stuff.
For some reason faxes are considered inherently more secure. Complete rubbish, but it is information still spread out there as fact.
Heh :)
Alcohol and pot are like dish soap and concentrated dish soap. They can both get you clean, but the concentrated stuff works faster and more efficiently.
That's the problem with pot. No middle ground. A couple of tokes and you are in the kitchen shoving everything into the microwave and staring at it in awe for the next few minutes as the Giver of Life itself. At least with beer you can nurse a few for an hour and still remain reasonably intelligent.
I'm sure that just about anybody there would have sounded like a Nobel prize candidate after a case of beer. Of course you are from Canada, so it might take a lot more beer.
P.S - That's the real reason why pot is illegal. It's cheap, effective, concentrated stupid... and that's not good for Capitalism.
I don't do social networking of any kind. Slacker is on quite a bit, but is on my Verizon Wireless 4G connection, which is a separate device.
I sometimes take care of personal communications (txt messaging, emails, phone calls) while at work, but never on company equipment. Once again, separate device.
That was one of the questions I got when I told an executive not to connect his phone to the corporate network. He looked at me and said, "But yours is right?". Nope, showed him the wireless connection where I was connected to the guest wireless.
If I am taking a break, then yes, I might be on.... Slashdot for instance.
Keep in mind, I am not opposed to breaks. Just unreasonable breaks on company equipment. Spending over an hour per day (in addition to regular breaks) on your personal life and social network is not acceptable and I just don't see how it can be rationalized.
By entitlement you mean:
(i) Making sure that customer data does not leak out as a result of personal affairs being conducted by employees?
(ii) Unreasonable amounts of hours wasted each week on social-networking that are far above and beyond whatever could be considered reasonable for breaks to increase productivity and company morale?
Sorry, but I work my ass off. While it is not my job to make sure you do yours, it does piss me off to no end when somebody spends the majority of their day screwing off on Facebook/Twitter/Whatever.
I don't like it when I walk around and see that happening.
There is a balance. 80+ minutes a day of social networking while you are supposed to be working is not a balance. It's not even healthy. Get up and walk around for a minute or two.
Possibly makes them more productive.
I'm not opposed to taking breaks every once in a while, but lately I have been running into people that... well... act like addicts.
I watch them. It's more like 25 minutes out of every 60 since they are literally switching to Facebook and Twitter every minute to see if something has changed.
Like rodents constantly hitting the pedal to get a treat or something.
It may be some form of cognitive dissonance that allows them to see wasting that much time communicating with their friends as acceptable, when voice communication at that level would not be.
Workplace climates are already going downhill faster and faster.
Please don't get me wrong, I am not supporting asshole companies sucking the life out of employees by paying them less and less, expecting more and more sacrifices, all while siphoning the money away for rich, useless, fucking wastes of space that are the upper executives in most very large companies. Boy have I known some.....
You should be able to have a balanced life and not need to conduct personal affairs at work.
As the CTO, I need to balance so many things. In this instance all I am trying to balance is security versus usability. I need to take very strong measures to prevent data leakage and be aware of it at least after the fact.
That's why I offer paths of least resistance. It's about the wisest thing I do, or at least I think I do. Personally, I don't care what you do at your desk. It's your responsibility to get your tasks done in the time allotted. All I want is for you to not destroy the company while you goof off, and sometimes goofing off for a minute or two can increase productivity and morale (my opinion). In any case, not my job to be the warden.
Normal people lack the sophistication to truly understand, and avoid, the dangers in the world we live in as far as technology is concerned. Hence, the path of least resistance. I make them use their own devices and prevent them from being able to connect to company equipment. Super glue in the USB socket is very effective, but so is disabling it in the OS, which allows them to still use it to charge stuff.
As far as spare time and unpaid work (there should never be such a thing), that is unfortunately not possible with some industries. I simply cannot allow regular employees to take work home, or have unfettered remote access. Some executives have it, because it is not possible to deny them, but it is very vulnerable. I have already had to chastise somebody for using company equipment for porn. Thankfully, I had support from higher up.
I have to be this vigilant. Failure on my part can mean tens of thousands of customers (possibly much higher) hurt because of loss of data. Worse, if it is private and sensitive medical records. I would hope that the CTO of any other company was protecting my data just as well.
I can't speak for Gellenburg, but you should not be sending emails in the first place.
Email is:
1) Freaking horrible for data transfer. It was quite simply not designed for it. Everything has to be base64 encoded (blows up file size) and jammed into the message itself. It should be a file manifest and separate connections made once the message is approved for delivery/routing, but alas, email is very old.
2) Not designed for security in the first place. Far too open by default in that you can send to anyone.
3) No authentication is really possible of the recipient.
4) No reliable standards for delivery and presentation.
It is much better to bring the customer to you via a secured web portal. USAA is a good example. They refused, and were not even capable, of emailing me or faxing me anything sensitive. If I needed something it was provided as a downloadable document that I could retrieve on demand.
It is the job of IT to block your ability to send sensitive information via email, but it is also their job to provide you with tools to do yours. Your concern about a time crunch should have been a non-issue.
You can leak a ton of data simply by passing it in the POST. Nothing stops you from base64 encoding it either so simple regex matching would be defeated. It could be encrypted as well. With some of the development tools now present in browsers you can even write your own live JavaScript code (Firebug) that would allow you to make your own AJAX calls passing whatever you wanted.
If you have to be that sensitive and proactive about data leakage you really can't use anything less than a whitelist for access. A web browser can be a powerful tool to leak data in the right hands.
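The point made in the comment above, as an added example that is not part of the original comment: a proxy-side check in which plain regex matching misses a base64-encoded record, decoding before matching recovers it, and only the host allowlist still holds once the body is scrambled. The SSN-like pattern, the hostnames, the sample record and all function names are assumptions made for illustration.

```python
import base64
import binascii
import re
from urllib.parse import urlsplit

# Constructed pattern: SSN-like identifiers stand in for "customer data".
SENSITIVE = re.compile(rb"\b\d{3}-\d{2}-\d{4}\b")
# Runs that look like base64 (standard or URL-safe alphabet), 16+ characters.
B64_RUN = re.compile(rb"[A-Za-z0-9+/_-]{16,}={0,2}")
# Hypothetical allowlist of destinations the proxy permits.
ALLOWED_HOSTS = {"portal.example.com", "crm.example.com"}


def naive_match(body: bytes) -> bool:
    """Plain regex over the raw POST body, as a simple filter would do."""
    return SENSITIVE.search(body) is not None


def decoded_match(body: bytes, depth: int = 2) -> bool:
    """Scan the body, then decode base64-looking runs (up to `depth` layers) and re-scan."""
    if naive_match(body):
        return True
    if depth == 0:
        return False
    for run in B64_RUN.findall(body):
        run = run.rstrip(b"=").replace(b"-", b"+").replace(b"_", b"/")
        run += b"=" * (-len(run) % 4)  # restore padding
        try:
            inner = base64.b64decode(run, validate=True)
        except (binascii.Error, ValueError):
            continue  # not actually base64
        if decoded_match(inner, depth - 1):
            return True
    return False


def proxy_decision(url: str, body: bytes) -> str:
    """Allowlist first; content inspection is only a second signal."""
    host = urlsplit(url).hostname or ""
    if host not in ALLOWED_HOSTS:
        return "block: host not on allowlist"
    if decoded_match(body):
        return "alert: sensitive pattern in body"
    return "allow"


# Constructed sample data (not real records).
RECORD = b"name=Jane Doe&ssn=078-05-1120"
ENCODED = b"data=" + base64.b64encode(RECORD)
# Fixed-key XOR as a stand-in for encryption: content inspection cannot see through it.
SCRAMBLED = base64.b64encode(bytes(b ^ 0x5A for b in RECORD))
```
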
No... it is entirely reasonable not to do anything personal on the company's network.
Just because the Internet made it easier to do online banking, does not mean you can do it on company time and resources. People used to take time to handle their personal affairs, and it was not even possible to do so at work. A change in technology does not make it more ethical to abuse company time and resources.
Security is also a concern as well.
I also have a proxy running at every branch office and very strict enforcement of company policies. Using company resources for personal reasons is grounds for dismissal. No Facebook, No Twitter, No Banking, No Pandora, No anything. The proxy has a whitelist, and if it is required to access something not on the whitelist, a request is made to a supervisor and it goes up the chain.
While I am very strict, and record all access to customer data, block USB ports, etc., I do allow employees to connect their phones and tablets to a separate wireless network. This allows them to still have their crack-addict fix for Facebook, and to isolate themselves with Pandora/Slacker.
Nobody deserves to have the Internet at their fingertips, provided by the company, as some sort of fundamental human right. Even if it were so, nothing says that it should not be separate and kept away from company equipment.
Security Overkill? Ask somebody who had their private medical data, or financial data, or whatever let loose in the wild and see if they really wanted our employees to run freakin wild with the new naive and idealistic BYOD utopian fantasy.
If you think about it.... why does it have to be company equipment and company networks? Just about everybody has a smartphone or tablet on them now with access to their own bandwidth that they pay for. It does not have to be the private corporate network as if that was the only solution available.
"Reasonable". Really. What I find curious is the incredible sense of entitlement that some employees have about 24/7/365 Internet access and how any kind of impediment to its use is akin to genocide. Never mind the fact that they are being paid to work and not being paid to spend 10 minutes out of every hour checking Facebook and Twitter.
You wonder where the work ethic has gone in this country.
Before I get accused of being some sort of security fascist, remember that I am providing a completely separate connection for their personal devices and only ask that they restrict all personal needs to said devices.
I don't think we are going to start giving antibiotics to prairie dogs.
Only because they are apparently not that tasty. If they were in a sandwich from McDonald's you would see farms of them with antibiotics in their food.
That's just like your opinion, man.
It is highly likely that it is against the TOS.
The dynamic IP is not a problem. Most routers these days have DDNS support and DynDns will allow you to specify amazingly small TTL's. I use it quite a bit for business since it is cheap (~$20/year) and a static IP change (some ISPs are retarded bastards that don't even tell you) does not have me rushing around changing VPN policies everywhere. Not to mention it makes it easier to configure a lot of services, such as security cameras, etc.
The whole reason for the TOS though is that upstream bandwidth, and bandwidth that needs to be paid for due to peering/transit, is expensive to the ISP. Not much more complex of a reason.
So if you really are running a hobbyist website that is using very little bandwidth I sincerely doubt the ISP will even notice or care. They are far more pissed off when you are seeding a 50GB BluRay release to a couple dozen people at once maxing out your bandwidth over a 24 hour period.
Small little webserver hits are a welcome relief to the ISP when you consider that.
Really?
It would seem you still can. If you can decrypt something that means there is a method to do so. You pass the message and one-time pad into this "function" and receive output.
I know that whole million monkeys can make Shakespeare deal, but do you really think that there are going to be a large number of outputs that are intelligible communication? Or even match a dataset that can be decoded by various encoders representing audio/video formats?
Of course, doing so may not be currently possible in a viable time period (less than your lifetime), but to say it is truly unbreakable is a very bold statement.
It seems to me that all cryptanalysis basically boils down to:
(i) Vulnerabilities in implementation and algorithms. Kind of like how you can get the summation of a number with a simple equation instead of doing all the work.
(ii) Brute Force - Testing the outputs for all possible inputs.
IMHO, the fallacy in the claim of unbreakable one-time pad encryption is the reliance that all computed plain-texts for the key space are equally possible to be the correct plain-text for the cipher text.
Imagine you are a being that exists beyond time and space and can experience all possibilities at the same time. I would think that all possible computed plain-texts would mostly look like a huge pile of crap, but an exceedingly few amount are going to look like something you recognize, and then one of them will look like an Apple.
Once again, that does not mean one-time pads are not very secure. They are very secure, just not truly unbreakable.
It's not that the question was unreasonable, it was the accompaniment of flying poo.