Remote access

Marko Vojinovic vvmarko at
Fri Oct 14 12:02:43 UTC 2011

On Friday 14 October 2011 12:42:03 Ed Greshko wrote:
> On 10/14/2011 07:26 PM, Marko Vojinovic wrote:
> > <quote>
> > A firewall cannot protect a network against its own internal users, and
> > should not even try to.
> > </quote>
> > 
> > So, if the OP asks his admin to allow him the access, and is refused, I
> > think it is perfectly legitimate to DIY and pierce a connection through.
> I've know a few *former* employees that thought doing so was legitimate.

Legitimate != legal.

A serious admin should take the time do explain the security implications to 
the user, and persuade him not to do what he wants to do, while providing the 
user with a legal alternative. Failing that, the admin has no operational 
control over the user piercing the firewall. The admin is actually at the mercy 
of user's understanding of security and compliance with the "company rules" 
that the admin cannot actually enforce in practice. Both the admin and the 
user (and their bosses) should be aware of that. The firewall is *not* a 
security measure against insiders, but only against outsiders.

Legal actions against users that disobey company policies is an entirely 
different topic, and should be handled on a case-by-case basis. Sometimes they 
have merit, sometimes they don't. It is up to the OP to judge the legal 
consequences of his own actions.

Have you ever crossed the street when the red light was on for pedestrians, in 
a situation when there were no vehicles in the street? Was that legitimate? 
Was it legal? Was the rule enforceable? Was breaking the rule possible? One 
should make sharp distinction between each of those questions.

Best, :-)

More information about the users mailing list