Overprotectionist Firewall Policies
-
thought i would share a small story with you chaps... The company I work for has some pretty crazy firewall policies. I am a tech support person that is required to download software patchs and product evaluations/samples as part of my job. I am feeling extremely annoyed at the moment. Our corporate firewall policy blocks download of any program files, archives, msi's, Flash (!), ActiveX, java applets and almost anything to make a web page work properly from a display point of view. If I need to download any of these, I have to ask my manager who is an autocratic control freak (cant you tell?!) if in the rare cases i am given permission, i then have to find a big enough usb key to go into our server room and physically download the file in there. I cannot download Documents. I can essentially only download Html, .js files and pdf's! I cannot update my PC with Windows Update as this is blocked too. We dont have any form of centralised update server so I have no means of updating my PC. if i need to install a service pack, I have to download it at home, bring it in on dvd and install it that way (the manager does this as well as his home connection is faster!) I am all for security, but does anyone think this is a bit paranoid?
-
thought i would share a small story with you chaps... The company I work for has some pretty crazy firewall policies. I am a tech support person that is required to download software patchs and product evaluations/samples as part of my job. I am feeling extremely annoyed at the moment. Our corporate firewall policy blocks download of any program files, archives, msi's, Flash (!), ActiveX, java applets and almost anything to make a web page work properly from a display point of view. If I need to download any of these, I have to ask my manager who is an autocratic control freak (cant you tell?!) if in the rare cases i am given permission, i then have to find a big enough usb key to go into our server room and physically download the file in there. I cannot download Documents. I can essentially only download Html, .js files and pdf's! I cannot update my PC with Windows Update as this is blocked too. We dont have any form of centralised update server so I have no means of updating my PC. if i need to install a service pack, I have to download it at home, bring it in on dvd and install it that way (the manager does this as well as his home connection is faster!) I am all for security, but does anyone think this is a bit paranoid?
erik256 wrote:
I have to download it at home, bring it in on dvd and install it that way
That's nice and secure ;) :-D
"...great scott!" Dilbert: Aren't all meetings like this... Richard Dawkins: "What if you're wrong?"
-
thought i would share a small story with you chaps... The company I work for has some pretty crazy firewall policies. I am a tech support person that is required to download software patchs and product evaluations/samples as part of my job. I am feeling extremely annoyed at the moment. Our corporate firewall policy blocks download of any program files, archives, msi's, Flash (!), ActiveX, java applets and almost anything to make a web page work properly from a display point of view. If I need to download any of these, I have to ask my manager who is an autocratic control freak (cant you tell?!) if in the rare cases i am given permission, i then have to find a big enough usb key to go into our server room and physically download the file in there. I cannot download Documents. I can essentially only download Html, .js files and pdf's! I cannot update my PC with Windows Update as this is blocked too. We dont have any form of centralised update server so I have no means of updating my PC. if i need to install a service pack, I have to download it at home, bring it in on dvd and install it that way (the manager does this as well as his home connection is faster!) I am all for security, but does anyone think this is a bit paranoid?
That's plain crazy. There are a lot of studies running currently trying to gather data for proving that too much security costs a lot more than one or two threats that manage to come through. Even displaying * instead of letters in passwords edit box can be more costly than the risk of someone peeping your credentials. I hate when everything is blocked.
-
thought i would share a small story with you chaps... The company I work for has some pretty crazy firewall policies. I am a tech support person that is required to download software patchs and product evaluations/samples as part of my job. I am feeling extremely annoyed at the moment. Our corporate firewall policy blocks download of any program files, archives, msi's, Flash (!), ActiveX, java applets and almost anything to make a web page work properly from a display point of view. If I need to download any of these, I have to ask my manager who is an autocratic control freak (cant you tell?!) if in the rare cases i am given permission, i then have to find a big enough usb key to go into our server room and physically download the file in there. I cannot download Documents. I can essentially only download Html, .js files and pdf's! I cannot update my PC with Windows Update as this is blocked too. We dont have any form of centralised update server so I have no means of updating my PC. if i need to install a service pack, I have to download it at home, bring it in on dvd and install it that way (the manager does this as well as his home connection is faster!) I am all for security, but does anyone think this is a bit paranoid?
Paranoid: Yes. Unique: No,sadly. It's exactly like this where I work. Currently all the following are blocked:
- P0rn, obviously but sadly :)
- Downloads, including development downloads
- Blogs, including development blogs
- Video, including development videos
- Anything WebSense decides is "Computer Security".
- Anything WebSense decides is "Lifestyle".
- Anything WebSense decides is "Travel".
- Anything WebSense decides is "Traditional Religions". So for example the highly-subversive Church Of England (Episcopalian to our US cousins) is blocked, but I've tested and can get onto any number of [religous] cult sites.
- Careers Websites
I can understand 1 & 2, I can't understand the blanket restrictions on 3-9. My favourites are "Computer Security", so I can't look up potential security threats to our system, and "Travel", meaning that you can't look up bus timetables if you work late. The restriction on 10 just prevents me from doing what I want to do because of all the other stupid rules until I get home. We have multiple regulations that are always brought in for either "Health and Safety" or "Security". My favourite new rule is that you can't eat sandwiches at our desks because of heath and safety (note that these rules weren't about when the job market was boyuant). This sort of thing is just making me increasingly militant. If the rule stop me from doing my job,I just adhere to the rules, and I hate the fact it's making me this way.
-
Paranoid: Yes. Unique: No,sadly. It's exactly like this where I work. Currently all the following are blocked:
- P0rn, obviously but sadly :)
- Downloads, including development downloads
- Blogs, including development blogs
- Video, including development videos
- Anything WebSense decides is "Computer Security".
- Anything WebSense decides is "Lifestyle".
- Anything WebSense decides is "Travel".
- Anything WebSense decides is "Traditional Religions". So for example the highly-subversive Church Of England (Episcopalian to our US cousins) is blocked, but I've tested and can get onto any number of [religous] cult sites.
- Careers Websites
I can understand 1 & 2, I can't understand the blanket restrictions on 3-9. My favourites are "Computer Security", so I can't look up potential security threats to our system, and "Travel", meaning that you can't look up bus timetables if you work late. The restriction on 10 just prevents me from doing what I want to do because of all the other stupid rules until I get home. We have multiple regulations that are always brought in for either "Health and Safety" or "Security". My favourite new rule is that you can't eat sandwiches at our desks because of heath and safety (note that these rules weren't about when the job market was boyuant). This sort of thing is just making me increasingly militant. If the rule stop me from doing my job,I just adhere to the rules, and I hate the fact it's making me this way.
-
thought i would share a small story with you chaps... The company I work for has some pretty crazy firewall policies. I am a tech support person that is required to download software patchs and product evaluations/samples as part of my job. I am feeling extremely annoyed at the moment. Our corporate firewall policy blocks download of any program files, archives, msi's, Flash (!), ActiveX, java applets and almost anything to make a web page work properly from a display point of view. If I need to download any of these, I have to ask my manager who is an autocratic control freak (cant you tell?!) if in the rare cases i am given permission, i then have to find a big enough usb key to go into our server room and physically download the file in there. I cannot download Documents. I can essentially only download Html, .js files and pdf's! I cannot update my PC with Windows Update as this is blocked too. We dont have any form of centralised update server so I have no means of updating my PC. if i need to install a service pack, I have to download it at home, bring it in on dvd and install it that way (the manager does this as well as his home connection is faster!) I am all for security, but does anyone think this is a bit paranoid?
-
erik256 wrote:
paranoid
then you shouldn't be able to download PDF's either (they are in fact dangerous, remember the JBIG2 buffer overflow?)
Oh for god's sake please don't tell our IT Security Dept :laugh:
-
thought i would share a small story with you chaps... The company I work for has some pretty crazy firewall policies. I am a tech support person that is required to download software patchs and product evaluations/samples as part of my job. I am feeling extremely annoyed at the moment. Our corporate firewall policy blocks download of any program files, archives, msi's, Flash (!), ActiveX, java applets and almost anything to make a web page work properly from a display point of view. If I need to download any of these, I have to ask my manager who is an autocratic control freak (cant you tell?!) if in the rare cases i am given permission, i then have to find a big enough usb key to go into our server room and physically download the file in there. I cannot download Documents. I can essentially only download Html, .js files and pdf's! I cannot update my PC with Windows Update as this is blocked too. We dont have any form of centralised update server so I have no means of updating my PC. if i need to install a service pack, I have to download it at home, bring it in on dvd and install it that way (the manager does this as well as his home connection is faster!) I am all for security, but does anyone think this is a bit paranoid?
-
thought i would share a small story with you chaps... The company I work for has some pretty crazy firewall policies. I am a tech support person that is required to download software patchs and product evaluations/samples as part of my job. I am feeling extremely annoyed at the moment. Our corporate firewall policy blocks download of any program files, archives, msi's, Flash (!), ActiveX, java applets and almost anything to make a web page work properly from a display point of view. If I need to download any of these, I have to ask my manager who is an autocratic control freak (cant you tell?!) if in the rare cases i am given permission, i then have to find a big enough usb key to go into our server room and physically download the file in there. I cannot download Documents. I can essentially only download Html, .js files and pdf's! I cannot update my PC with Windows Update as this is blocked too. We dont have any form of centralised update server so I have no means of updating my PC. if i need to install a service pack, I have to download it at home, bring it in on dvd and install it that way (the manager does this as well as his home connection is faster!) I am all for security, but does anyone think this is a bit paranoid?
My background is writing automation software for manufacturing companies and this sort of attitude is nearly identical to the illusion of "100% inspection" for quality control. There is no such thing, and this myth was debunked by Deming back in the 50's. It took about 40 years for it to permeate the manufacturing industry, by which time it was too late of course. Control freak IT departments are under the same delusion that they can put technological solutions in place to (effectively) catch 100% of the "bad stuff." To quote one of my favorite movies (Full Metal Jacket), they are "silly and ignorant." Hopefully it won't take 40 years, but eventually they will learn the same lesson that manufacturers did. Train users on how to use their tools (the computer) and how to solve problems. Teach people what the dangers are, what they should and should not be doing, and hold them accountable. It's not perfect, but then again neither are ridiculous firewall restrictions.
-
thought i would share a small story with you chaps... The company I work for has some pretty crazy firewall policies. I am a tech support person that is required to download software patchs and product evaluations/samples as part of my job. I am feeling extremely annoyed at the moment. Our corporate firewall policy blocks download of any program files, archives, msi's, Flash (!), ActiveX, java applets and almost anything to make a web page work properly from a display point of view. If I need to download any of these, I have to ask my manager who is an autocratic control freak (cant you tell?!) if in the rare cases i am given permission, i then have to find a big enough usb key to go into our server room and physically download the file in there. I cannot download Documents. I can essentially only download Html, .js files and pdf's! I cannot update my PC with Windows Update as this is blocked too. We dont have any form of centralised update server so I have no means of updating my PC. if i need to install a service pack, I have to download it at home, bring it in on dvd and install it that way (the manager does this as well as his home connection is faster!) I am all for security, but does anyone think this is a bit paranoid?
My position allows me to decide on what is allowable or not. I am a good boss. I do not censure anything at work, but explain to the elves and muggles (Elves are my girls, muggles are everyone else who is not in the Accounts or IT depts), that I can monitor averything they do. So, I occasionally will send a message saying, "Great Bargain on Ebay, but to pay for it you are required to do some work", and they get the message. I had a Chief Surveyor on a porn site and asked him if he would like his wife to know what he was watcing. Again, no more problems from that department :) I trust them not to screw around, and allow them private access so long as it doesn't interfere with work. The downside is I keep having to send myself memos for being on CP All Bleedin' Day!!! :laugh:
------------------------------------ "Men may make bad decisions, immoral decisions or just plain wrong decisions, but at least they make decisions. Women on the other hand..." Patrick Kielty 2006
-
thought i would share a small story with you chaps... The company I work for has some pretty crazy firewall policies. I am a tech support person that is required to download software patchs and product evaluations/samples as part of my job. I am feeling extremely annoyed at the moment. Our corporate firewall policy blocks download of any program files, archives, msi's, Flash (!), ActiveX, java applets and almost anything to make a web page work properly from a display point of view. If I need to download any of these, I have to ask my manager who is an autocratic control freak (cant you tell?!) if in the rare cases i am given permission, i then have to find a big enough usb key to go into our server room and physically download the file in there. I cannot download Documents. I can essentially only download Html, .js files and pdf's! I cannot update my PC with Windows Update as this is blocked too. We dont have any form of centralised update server so I have no means of updating my PC. if i need to install a service pack, I have to download it at home, bring it in on dvd and install it that way (the manager does this as well as his home connection is faster!) I am all for security, but does anyone think this is a bit paranoid?
erik256 wrote:
I am all for security, but does anyone think this is a bit paranoid?
Not at all, most corporations (even small ones) implement stupid policies. The real question is why so many people in authority will follow the guidance of an expensive consultant who is unlikely to know even the basics of what he is asked to advise on, yet totally ignore their own subordinates who have demonstrated their knowledge of the company's needs, and what good tools are available to satisfy those needs. Sometimes you need to explain to your boss in simple terms why you cannot complete the task he sets you, even in "Catch 22" situations.
-
Paranoid: Yes. Unique: No,sadly. It's exactly like this where I work. Currently all the following are blocked:
- P0rn, obviously but sadly :)
- Downloads, including development downloads
- Blogs, including development blogs
- Video, including development videos
- Anything WebSense decides is "Computer Security".
- Anything WebSense decides is "Lifestyle".
- Anything WebSense decides is "Travel".
- Anything WebSense decides is "Traditional Religions". So for example the highly-subversive Church Of England (Episcopalian to our US cousins) is blocked, but I've tested and can get onto any number of [religous] cult sites.
- Careers Websites
I can understand 1 & 2, I can't understand the blanket restrictions on 3-9. My favourites are "Computer Security", so I can't look up potential security threats to our system, and "Travel", meaning that you can't look up bus timetables if you work late. The restriction on 10 just prevents me from doing what I want to do because of all the other stupid rules until I get home. We have multiple regulations that are always brought in for either "Health and Safety" or "Security". My favourite new rule is that you can't eat sandwiches at our desks because of heath and safety (note that these rules weren't about when the job market was boyuant). This sort of thing is just making me increasingly militant. If the rule stop me from doing my job,I just adhere to the rules, and I hate the fact it's making me this way.
keefb wrote:
The restriction on 10 just prevents me from doing what I want to do because of all the other stupid rules until I get home.
Sneaky eh? :cool:
Personally, I love the idea that Raymond spends his nights posting bad regexs to mailing lists under the pseudonym of Jane Smith. He'd be like a super hero, only more nerdy and less useful. [Trevel]
| FoldWithUs! | sighist -
My position allows me to decide on what is allowable or not. I am a good boss. I do not censure anything at work, but explain to the elves and muggles (Elves are my girls, muggles are everyone else who is not in the Accounts or IT depts), that I can monitor averything they do. So, I occasionally will send a message saying, "Great Bargain on Ebay, but to pay for it you are required to do some work", and they get the message. I had a Chief Surveyor on a porn site and asked him if he would like his wife to know what he was watcing. Again, no more problems from that department :) I trust them not to screw around, and allow them private access so long as it doesn't interfere with work. The downside is I keep having to send myself memos for being on CP All Bleedin' Day!!! :laugh:
------------------------------------ "Men may make bad decisions, immoral decisions or just plain wrong decisions, but at least they make decisions. Women on the other hand..." Patrick Kielty 2006
Dalek Dave wrote:
I had a Chief Surveyor on a porn site and asked him if he would like his wife to know what he was watcing.
Too bad his reply wasn't "Her"
-
thought i would share a small story with you chaps... The company I work for has some pretty crazy firewall policies. I am a tech support person that is required to download software patchs and product evaluations/samples as part of my job. I am feeling extremely annoyed at the moment. Our corporate firewall policy blocks download of any program files, archives, msi's, Flash (!), ActiveX, java applets and almost anything to make a web page work properly from a display point of view. If I need to download any of these, I have to ask my manager who is an autocratic control freak (cant you tell?!) if in the rare cases i am given permission, i then have to find a big enough usb key to go into our server room and physically download the file in there. I cannot download Documents. I can essentially only download Html, .js files and pdf's! I cannot update my PC with Windows Update as this is blocked too. We dont have any form of centralised update server so I have no means of updating my PC. if i need to install a service pack, I have to download it at home, bring it in on dvd and install it that way (the manager does this as well as his home connection is faster!) I am all for security, but does anyone think this is a bit paranoid?
Yes. They are being too paranoid. Its one thing to stop everyone outside the tech support dept. That might be overkill. This is, IMO, just plain stupid.
erik256 wrote:
I am a tech support person that is required to download software patchs and product evaluations/samples as part of my job... ...I cannot update my PC with Windows Update as this is blocked too. We dont have any form of centralised update server so I have no means of updating my PC. if i need to install a service pack, I have to download it at home, bring it in on dvd and install it that way (the manager does this as well as his home connection is faster!)
Total conflict. If you weren't in tech support that might not be a problem. But they're preventing you from doing your job. And creating a security hole (as someone else pointed out above) that they wouldn't have otherwise. Get your resume done and out there. Someone with a job is more attractive than someone without a job. And one day someone might bring up in your 'evaluation' that you aren't doing your job. Then when you protest that you are being prevented, they insist that you have a bad attitude. And why aren't you putting cover sheets on your TPS reports, didn't you get the memo? Perhaps that's too paranoid a pic as well. I still think your frustration would be substantially reduced if you are at least semi-actively looking for a job.
_____________________________ There is no I in team. But there is meat in there.
-
thought i would share a small story with you chaps... The company I work for has some pretty crazy firewall policies. I am a tech support person that is required to download software patchs and product evaluations/samples as part of my job. I am feeling extremely annoyed at the moment. Our corporate firewall policy blocks download of any program files, archives, msi's, Flash (!), ActiveX, java applets and almost anything to make a web page work properly from a display point of view. If I need to download any of these, I have to ask my manager who is an autocratic control freak (cant you tell?!) if in the rare cases i am given permission, i then have to find a big enough usb key to go into our server room and physically download the file in there. I cannot download Documents. I can essentially only download Html, .js files and pdf's! I cannot update my PC with Windows Update as this is blocked too. We dont have any form of centralised update server so I have no means of updating my PC. if i need to install a service pack, I have to download it at home, bring it in on dvd and install it that way (the manager does this as well as his home connection is faster!) I am all for security, but does anyone think this is a bit paranoid?
Maybe a bit of persoanl over-strictness? If you have to download something for work on your home network, 1/ Invoice them prorata for use of your internet connection. 2/ Do it during working hours. Start the download at (eg) 830am, and sit at home drinking a cup of tea until the download is finished. "Sure, I'd love to be working during this time - just let me remote into my work PC, and I would!" 3/ If their policies make it impossible for you to stay late, don't! I'm not sure you should do *all* of this, but it might help! Or 4: Setup a personal webproxy at home, and route all your traffic via there. It would not help on activex, etc, but it would ehlp on site blocking. Iain.
I have now moved to Sweden for love (awwww). If you're in Scandinavia and want an MVP on the payroll (or happy with a remote worker), or need cotract work done, give me a job! http://cv.imcsoft.co.uk/[^]
-
Maybe a bit of persoanl over-strictness? If you have to download something for work on your home network, 1/ Invoice them prorata for use of your internet connection. 2/ Do it during working hours. Start the download at (eg) 830am, and sit at home drinking a cup of tea until the download is finished. "Sure, I'd love to be working during this time - just let me remote into my work PC, and I would!" 3/ If their policies make it impossible for you to stay late, don't! I'm not sure you should do *all* of this, but it might help! Or 4: Setup a personal webproxy at home, and route all your traffic via there. It would not help on activex, etc, but it would ehlp on site blocking. Iain.
I have now moved to Sweden for love (awwww). If you're in Scandinavia and want an MVP on the payroll (or happy with a remote worker), or need cotract work done, give me a job! http://cv.imcsoft.co.uk/[^]
Iain Clarke, Warrior Programmer wrote:
Setup a personal webproxy at home, and route all your traffic via there. It would not help on activex, etc, but it would ehlp on site blocking.
If they're being that jackbooted on normal access they've probably got something monitoring logs to spot proxy use.
The latest nation. Procrastination.