lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Thu Jun  9 18:18:46 2005
From: daniels at Ponderosatel.com (Daniel Sichel)
Subject: RE: End users as security devices


Praise be to God for the User! They are powerful! They are trainable!
They
>>are my BEST defense!
>>
>>There. I fell better now.
>>

You are onto a good thing and make a good point. 

At my last job the organizatios CAO insisted that security not block
ANYTHIHG any user wanted, IM, HTML mail, streaming audio, flash, even
desktop SMTP servers (no, I am not making this up). He also wanted NO
passwords (hard to remember, don't you know) but I talked him into at
least requiring weak ones. What a mess, viruses everywhere, keystroke
loggers, malware sucking up bandwidth and of course crash craah crash,
why is my app runnning slow? Naturally this mess was MY fault, had
nothing to do with the policy. 

Fast forward, I now work at a telephone company, discplined work
practices are ingrained and a MUST. Management believes in security and
allows my boss, the IS manager to set policies that everyone up to, and
including the owner, religously adheres to. My boss is dedicated to
providing full end user functionality but doing it securely. Result, our
machines hum, we are NEVER down, there is no spam and I can barely
remember the last virus I saw. This all works ONLY because end users
know and RESPECT the rules and actively support keeping our WAN secure. 

Don't lose faith, don't give up, keep explaining, and training. You CAN
make end users proactive participants in enterprise security. Just
remember, there will always be a few intellectually challenged folks who
need a bit of extra mentoring. Try to be patient, and NO, you can't put
handicap placards on computers used by those with IQs  below 90, sorry. 


Dan Sichel
Network Engineer
Ponderosa Telephone
daniels@...derosatel.com (559) 868-6367

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ