Re: [FW-1] [fw-1] Instant Messenger bypass FW-1

Veering slightly off topic...

Joe, I think your approach makes sense, and I try to implement it wherever *I* go. However, I find that the ability to use this approach varies with the intellectual sophistication of the user base, which in turn varies substantially based on industry and company size (or, roughly translated, what kind of jobs are folks doing, what brain power does it demand, and how many folks are there).

I worked at a sub-100 person company that thought the computer was their personal property and that the "computer guy's" job was to come running through the building whenever they got frustrated with something, like not knowing how to underline something in MS Word, and it was also the "computer guy's" job to write macros because there were too many mouse moves and clicks to make that underline happen. No, I'm not kidding. Needless to say talking about anything security-related to anyone at that firm was an exercise in futility, not to mention job suicide.

On the flip side, I have also worked at a couple of sub-100 person companies where a relationship similar to what you describe was *almost* in place. In organizations like this you can say things like "we should implement this in order to achieve stability and security" without getting an answer back like "I don't see why I have to give up X...". People understand and see the big picture.

So anyway, there's another view of the world...

Steering back to on-topic now... In the good places, you can talk about IM and alternative systems. In the bad places, you get "you have no business telling/changing/yadda and I need/want AIM and it works for me." Ack :)

-----Original Message-----
From: Joe Pampel [mailto:[email protected]]
Sent: Thursday, June 13, 2002 6:33 AM
To: [email protected]
Subject: Re: [FW-1] [fw-1] Instant Messenger bypass FW-1

one view of the world...

Our environment is very demanding (Wall St) and so we have taken great pains to create a stable build for our workstations.
They run for months w/o a reboot which I'm very happy about.. From the POV of keeping the machines "flat" as well as security everyone knows not to DL anything. The net result of this is that our staff works efficiently and without the frustration of machine instability and reboots.

If folks want/need something extra on their desktops that will help them out, they can always come and ask. There is no reason IMHO for end users to be installing stuff ad hoc on their workstations. They need to understand that. Everyone here does, and it's not a "control freak" or "keep them down" thing.. it's simply letting each group of people do the best job they can and trusting one another. Everyone is cool about it. I don't know if it would hold up at a big firm (we're small, <100) but explaining what's up to everyone rather than just putting in draconian rules and sending out a memo stating "because I said so".. has worked well.

Bottom line for me is that the box belongs to the firm, with everything on it. Part of my job is deciding what goes on it. I am paid for my "expertise" (such as it is!) in assessing what products will work well together, be secure, and most importantly - solve our business problem. I use a lot of end user input/feedback to determine the last bit so it is as participative as possible. I don't play with the accounting rules or dabble in marketing.. Why would someone without the expertise need to alter a machine that our IT dept has spec'd and built, and potentially put others in the firm at risk?

>>> James Edwards <[email protected]> 06/12/02 04:38PM >>>

We are in the process of changing operating systems on all our PCs and I am going to seriously attempt to just block my users from installing software on their PCs. The theory being of course that if they can't install anything, they can't put IM clients or any of the other various and sundry useless, time wasting, PC eating garbage they are so fond of.
I just wonder if anyone else has managed this and how effective it has been.

Jim Edwards

-----Original Message-----
From: Rocky Stefano [mailto:[email protected]]
Sent: Wednesday, June 12, 2002 9:43 AM
To: [email protected]
Subject: Re: [FW-1] [fw-1] Instant Messenger bypass FW-1

This has long been a known problem. It's not a vulnerability with any firewall. There are several methods available to stop IM's from getting out of your network.

-----Original Message-----
From: A, Kaustubh [mailto:[email protected]]
Sent: June 12, 2002 9:05 AM
To: [email protected]
Subject: [FW-1] [fw-1] Instant Messenger bypass FW-1

Folks,

I came to know about an article of Gartner saying that there are some IM bypassing Firewall by scanning open ports. Has anybody tested this CP FW-1 NG? I am afraid if this is a problem with FW-1!!!

Firewall Bypass Technology

AOL's Instant Messenger has a uniquely slippery client that is designed to bypass firewall port blocking technology, making the product easy to configure from behind a firewall. For example, the AOL client will use any available port, scanning even those reserved for domain naming system (DNS) lookup. This technology enables unsophisticated users to sneak past a firewall with relative ease, effectively establishing breaches in the corporate firewall.

Kaustubh A.
Technical Consultant
HP Services
-----------------------------------------------------------------------------------
101-105 Enterprise Center, CTS#55
Off Neharu Road, Vile Parle (East)
Mumbai 400099.
*+91 (0) 22.616.7331 *GSM:*: [email protected]
URL: http://www.ho.com/in
-----------------------------------------------------------------------------------

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
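
Added example, not part of any message in this thread: a sketch of how the port-hopping behaviour described in the quoted Gartner text can be spotted in firewall connection logs. The CSV layout, the addresses, the resolver list and the thresholds are all assumptions constructed for illustration; this is not FW-1 log output.

```python
import csv
from collections import defaultdict
from io import StringIO

# Constructed sample records, NOT real FW-1 log output.
# Columns: time_s, src, dst, dst_port, proto, action
SAMPLE_LOG = """\
0,10.1.1.23,192.0.2.50,5190,tcp,drop
2,10.1.1.23,192.0.2.50,80,tcp,drop
3,10.1.1.23,192.0.2.50,23,tcp,drop
5,10.1.1.23,192.0.2.50,21,tcp,drop
7,10.1.1.23,192.0.2.50,53,tcp,accept
4,10.1.1.40,10.1.1.2,53,udp,accept
10,10.1.1.40,198.51.100.7,80,tcp,accept
400,10.1.1.40,198.51.100.7,443,tcp,accept
0,10.1.1.55,203.0.113.9,80,tcp,accept
500,10.1.1.55,203.0.113.9,443,tcp,accept
1000,10.1.1.55,203.0.113.9,8080,tcp,accept
1500,10.1.1.55,203.0.113.9,21,tcp,accept
"""

# Assumed: the site's sanctioned DNS server; port 53 to anything else is suspect.
KNOWN_RESOLVERS = {"10.1.1.2"}

def find_port_hoppers(log_text, window_s=60, min_ports=4):
    """Flag (src, dst) pairs hitting >= min_ports distinct ports in window_s seconds."""
    attempts = defaultdict(list)
    for row in csv.reader(StringIO(log_text)):
        if len(row) != 6:
            continue  # skip blank or malformed lines
        t, src, dst, port, _proto, _action = row
        attempts[(src, dst)].append((int(t), int(port)))

    flagged = {}
    for (src, dst), events in attempts.items():
        events.sort()
        start, best = 0, set()
        for end in range(len(events)):
            # Slide the window so it never spans more than window_s seconds.
            while events[end][0] - events[start][0] > window_s:
                start += 1
            ports = {p for _, p in events[start:end + 1]}
            if len(ports) > len(best):
                best = ports
        if len(best) >= min_ports:
            flagged[(src, dst)] = {
                "ports": sorted(best),
                "dns_port_misuse": 53 in best and dst not in KNOWN_RESOLVERS,
            }
    return flagged
```

On the constructed sample, only the workstation that walks through five ports in seven seconds is flagged; the host that reaches four ports over 25 minutes and the ordinary DNS client are not.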