End User Ignorance - How long will we cope? - Page 4
Page 4 of 5 FirstFirst ... 2345 LastLast
Results 31 to 40 of 50

Thread: End User Ignorance - How long will we cope?

  1. #31
    Junior Member
    Join Date
    Apr 2004
    Posts
    14
    ISO: "Internet Security Officer" is (when I wear the hat) a sucky job, where a state or FED entity drags you in to an office to convict an employee of misuse.... As a consultant its a sucky job to compile the history and Caches that end up confirming the charge of "guilty" of un-authorized net access on the part of a state/Fed employee... I'm sure it happens in the private sector all the time, just never had to deal with that. As far as Gov't agencys go, it always ends in termination (at least in my experience). State governments don't tend to log much, so its the persons own machine that provides the "proof" the sad part is that anyone can get window washer 5.51 from kickme.to/FOSI oh well.... the whole (L)user thing can be kinda sad sometimes....

  2. #32
    Flash M0nkey
    Join Date
    Sep 2001
    Posts
    3,447
    we never have a problem with users accessing sites they shouldn't - we just dont give them net access

    they have no need for it to complete their jobs so we dont allow them to use it - if they feel they need a piece of information that is not included for them in the internal network then they can ask their team leaders for it and that can then be supplied.

    heh they dont even have email anymore - one of the first things that got taken away when we arrived

    v_Ln

  3. #33
    Banned
    Join Date
    Nov 2003
    Posts
    127
    Speaking of being accountable for what happens when one's username is logged in, it is relatively easy to obtain another's user/pwd. It takes under 3 seconds to install & take off a hardware keyboard logger. This wouldn't really help w/ surfing since surfing is a lengthy activity & one is bound to be seen by someone, but if malicious user wanted to attempt a quick attack agains the network another one would be blamed. That is unless you have cameras or a good physical access policy.

  4. #34
    PHP/PostgreSQL guy
    Join Date
    Dec 2001
    Posts
    1,164
    Originally posted here by rabit
    Speaking of being accountable for what happens when one's username is logged in, it is relatively easy to obtain another's user/pwd. It takes under 3 seconds to install & take off a hardware keyboard logger. This wouldn't really help w/ surfing since surfing is a lengthy activity & one is bound to be seen by someone, but if malicious user wanted to attempt a quick attack agains the network another one would be blamed. That is unless you have cameras or a good physical access policy.
    It's even easier than that...most end users at work freely pass their password around even though they're told not to. I've seen countless have it written on something nearby (postit on the monitor, etc) and I've seen one place where users had to have their password and username written on paper taped to the underside of their keyboard.

    All you have to do is look like you know what you're doing and Kevin Mitnick's trick of social engineering is all you have to do. They'll GIVE the information away.

    And as far as security and AUP are concerned, it's a hypocritical situation when upper level execs have full access and no rules on them when everyone else does AND it gets even better when those execs/political leaders/etc just let everyone else use their machine if they can't reach a site that's blocked by the firewall. Bad news there considering it's a security threat as well as people seeing that person X has more than everyone else.
    We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.

  5. #35
    Priapistic Monk KorpDeath's Avatar
    Join Date
    Dec 2001
    Posts
    2,628
    You know all the AUP talk aside, I use to just walk around with my "destructive packet filterers" (aka - scissors)in my hand and gently remind the engineers that if use my def gateway as their IP address and bring down the whole network again, they'll be pushing the remains of their vehicle home with a pink slip!!! hehehehe That always gets them.

    Funny, the only people that really abused the privelege of network use were the ones that had hiring or firing ability. Does that seem strange to anyone? .... Nah.
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson

  6. #36
    Flash M0nkey
    Join Date
    Sep 2001
    Posts
    3,447
    it's a hypocritical situation when upper level execs have full access and no rules on them
    not where i work they dont - only the techs do

    v_Ln

  7. #37
    Antionline Herpetologist
    Join Date
    Aug 2001
    Posts
    1,165
    The latest BOFH has something about this.... Not strictly relevant, but hey, gimme a break .
    http://www.theregister.co.uk/2004/07...04_episode_22/

    Cheers,
    cgkanchi
    Buy the Snakes of India book, support research and education (sorry the website has been discontinued)
    My blog: http://biology000.blogspot.com

  8. #38
    Leftie Linux Lover the_JinX's Avatar
    Join Date
    Nov 2001
    Location
    Beverwijk Netherlands
    Posts
    2,535

    my AUP !!

    Originally posted here by KorpDeath
    Funny, the only people that really abused the privelege of network use were the ones that had hiring or firing ability. Does that seem strange to anyone? .... Nah.
    Funny, the only ones ever getting infected (virii etc) at work are the ones with hiring/firing ability..

    Well and also a previously employed lamer..
    I warned him once (on paper), warned him twice (again in writing) and the third time was the charm.. Say Bye Bye mr. Lamer !!
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !

  9. #39
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hmmm,
    A slightly different slant but I have had a slightly different experience from:

    Funny, the only ones ever getting infected (virii etc) at work are the ones with hiring/firing ability..
    I think that there is an ageism/eliteism or whatever, culture.

    I am used to the hirers & firers forwarding dodgy stuff to me to have a look at. Because I am over 50, I seem to be trusted..............now that is really pathetic (and dangerous too).

    I strongly feel that it is an educational thing, as I am sure we all agree, but it is also a cultural thing, and that should come from the top.........like the Director/EVP level.

    One of the main "gospels" that I preach (yeah, I know, "a voice crying in the Wilderness" ) is that it is not a stigma or shameful to receive an infected item............but it is if you open it and let it loose on the network.

    just my slant
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  10. #40
    Antionline's Security Dude instronics's Avatar
    Join Date
    Dec 2002
    Posts
    901
    "But how do we discipline questionable computer use?"


    "The old fashioned way," I reply.


    "Interviews, recommendations then dismissal?"


    "No, I said the old fashioned way, not the slow way."


    "What's the old fashioned way?"


    "Threats, blackmail."
    Now that sounds like a plan, doesn't it? D:

    But then again, another bullet proof method would be to hire Gore as the main admin. Im sure he'll take care of things the 'right' way

    Cheers.
    Ubuntu-: Means in African : "Im too dumb to use Slackware"

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •