Three words: Target Disk Mode
Sorry. I missed that first "not" in your post. As for apps with their own certs, you would let those stay encrypted, but limit where they can go. These kinds of apps (ones that use client certs if I'm reading you right) usually perform specific business functions and are not for general surfing. In fact, if it was me, I'd bypass the proxy entirely for these apps to keep the number of moving parts to a minimum.
You'd be amazed how lazy corporate entities can be. Even "security companies"...
Actually that's not what these devices "are for". They're tools for enforcing company policy. That's it. They are not evil in and of themselves. Do clueless organizations try to use them for "nannying" their employees to death? Every day. And they're so busy making sure Joan in Accounting doesn't spend 15 extra minutes on Facebook that they miss all the PII and company IP going out one of the many other open transports out of the company network. Any company that is serious about security either doesn't allow this information on the untrusted network (where the users live) in the first place or they lock down internet access to the point that most employees don't even know the company has a connection to the internet. Everyone else is a breach in progress.
And no, you don't need a certificate from a trusted CA to do SSL MITM on a Bluecoat (but it would come in handy for a government entity spying on its citizens). All you need is a trusted wildcard cert. The Active Directory CA cert would work just as well in a corporate environment.
Vietnam?
Those SA-2s didn't guide themselves...
Pretty close: http://www.paloaltonetworks.com/researchcenter/2009/08/applipedia-on-the-iphone/
UTM? That's soooo 2002! Though at the low end, that is probably the best solution today. Next Generation firewalls work at Layer 7 and inspect the packet once (instead of once for each way you want to look at it: stateful inspection, authentication, antivirus, IPS, etc.). I know of several UTM manufacturers at your price point whereas a Next Generation firewall starts at about $5000.00.
This is the future of firewalls. It's expensive now because it's new. But soon, you'll be able to do this on your SOHO (or SMB) firewalls: http://www.paloaltonetworks.com/
Here you go:
http://www.openbsd.org/faq/pf/queueing.html
Not quite. Where do you think all the energy that is stored in fossil fuels came from? Energy from the sun can be stored as well as reflected or radiated.
I think perhaps you are missing the point that fembots was trying to make. Putting the authority to both make and enforce policy into one department invites corruption and uninformed policy making. I agree with fembots that the policy making group should be independent of the policy enforcement group in any large organization. That being said, I think it is imperative that the policy making group understand the implications of its policy. Thus, having some kind of IT expertise in the HR department (or at least in the IT policy making process) is required to make a policy that is informed and enforceable.
So all of the actions you alluded to in your comment (password length, firewall rules, etc.) would be the job of IT (or IT Security) to enforce, whereas the writing of the IT policies would be the responsibility of the HR department (with participation of IT technical resources from within or outside the HR department). This is usually the way it works for physical security in most large organizations.
---
Oooohhh, a Primer. I want one too! I wish they weren't just for young ladies though...
This guy has rights that cannot under any circumstances be taken away.
This isn't entirely true. As a convicted felon, this person will lose many of his rights. He may lose the right to vote, to own a handgun, to become a police officer, to hold public office, etc. Other rights, such as the right to life or to due process are retained.
While I don't disagree with you that there are really only two U.S. car companies left, I'm pretty sure FIAT won't be buying either one of them, considering that GM already owns 20% of FIAT and may be forced to buy the rest in the next year or so.
In general, I would say the chances are very small that GM (a.k.a. Holden, Vauxhall, Opel, Saab, Daewoo, DirecTV, GMAC, OnStar, Allison... as well as percentages of FIAT, Isuzu, Suzuki, Subaru, and many others) or Ford (which has a similar ownership structure) would be gobbled up by anyone.
Is it me or do these things look like the "next generation" Vulcan?
No, not that Vulcan. The Avro Vulcan that served in the RAF for most of the Cold War...