vvmarko at gmail.com
Fri Oct 14 12:02:43 UTC 2011
On Friday 14 October 2011 12:42:03 Ed Greshko wrote:
> On 10/14/2011 07:26 PM, Marko Vojinovic wrote:
> > <quote>
> > A firewall cannot protect a network against its own internal users, and
> > should not even try to.
> > </quote>
> > So, if the OP asks his admin to allow him the access, and is refused, I
> > think it is perfectly legitimate to DIY and pierce a connection through.
> I've know a few *former* employees that thought doing so was legitimate.
Legitimate != legal.
A serious admin should take the time do explain the security implications to
the user, and persuade him not to do what he wants to do, while providing the
user with a legal alternative. Failing that, the admin has no operational
control over the user piercing the firewall. The admin is actually at the mercy
of user's understanding of security and compliance with the "company rules"
that the admin cannot actually enforce in practice. Both the admin and the
user (and their bosses) should be aware of that. The firewall is *not* a
security measure against insiders, but only against outsiders.
Legal actions against users that disobey company policies is an entirely
different topic, and should be handled on a case-by-case basis. Sometimes they
have merit, sometimes they don't. It is up to the OP to judge the legal
consequences of his own actions.
Have you ever crossed the street when the red light was on for pedestrians, in
a situation when there were no vehicles in the street? Was that legitimate?
Was it legal? Was the rule enforceable? Was breaking the rule possible? One
should make sharp distinction between each of those questions.
More information about the users