If you can "get around it", then you aren't secure. Expecting the world
to collaborate by keeping "work arounds" secret isn't much of a strategy.
On Tue, 26 Jan 1999, Pavlichek, Doris (GEIS, GE Capital Consulting) wrote:
> Unfortunately, it's a lot of users, not just one. And the instructions on
> how to do this are actually freely available on the RealAudio web site!!!
> They literally have a whole section of their site dedicated to "how to
> circumvent the firewall", along with a list of all firewalls it works with!
> That made me extremely angry when I read it. It makes it so much harder for
> us to do our jobs when vendors like that go around telling people how to get
> around security.
>
> DP
>
> > -----Original Message-----
> > From: Cary Conover [SMTP:[EMAIL PROTECTED]]
> > Sent: Monday, January 25, 1999 10:11 PM
> > To: 'Bill Joynt'; 'Pavlichek, Doris (GEIS, GE Capital Consulting)';
> > '[EMAIL PROTECTED]'
> > Subject: RE: RealAudio
> >
> > Bill and Doris,
> >
> > Speaking strictly from a Military stand point. If the user is in
> > the
> > Military report this to his Commander. Supply the Commander with the
> > Policy
> > that prohibits the use of the network for this purpose. The Commander can
> > then take legal action to suggest to this soldier not to do this in the
> > future.
> > If it continues further non-judicial punishment can and will result.
> > At
> > first the soldier should be counseled that he/she is volating an Standard
> > Operating Procedure, Regulation, or Command Directive. Also ALL
> > Soldiers/Sailors/Airmen should be notified of this in writing. All should
> > be notified that violations of the standard can and will be swiftly dealt
> > with in a punitive manner. Then if another occurrence happens a (desktop)
> > Summary Article 15 can be used as a slap on the hands to show that the
> > Command is Serious about this. This kind can goes away after the soldier
> > leaves the unit. If a second occurrence happens then a Regular Article 15
> > can be used. This is punishment and can result in as little as extra duty
> > (Working Supervised after hours) or as much as a Court Marshal. This kind
> > stays in the Military Personnel Record and based on the way things go
> > these
> > days could mean the end of a career before it starts.
> >
> > The Military can deal with their own via disciplinary action.
> >
> > If it is a Defense Department Civilian then that person can be dealt
> > with
> > via the Civilian Personnel Office on the base in question. Much the same
> > way Military Personnel are dealt with.
> >
> > Hope this helps.
> >
> > Cary
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]]On Behalf Of Bill Joynt
> > Sent: Monday, January 25, 1999 8:11 AM
> > To: Pavlichek, Doris (GEIS, GE Capital Consulting);
> > '[EMAIL PROTECTED]'
> > Subject: RE: RealAudio
> >
> >
> > Tell the user that if he deliberately bypasses firewall policy, he will be
> > fired (or at least be in serious trouble).
> >
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED]]On Behalf Of Pavlichek, Doris
> > > (GEIS, GE Capital Consulting)
> > > Sent: Monday, January 25, 1999 8:20 AM
> > > To: '[EMAIL PROTECTED]'
> > > Subject: RealAudio
> > >
> > >
> > > Question: If users get around a RealAudio port block on a
> > > Gauntlet firewall
> > > by telling their browser to use port 80 for RealAudio, is there anyway
> > for
> > > the firewall administrator to then block RealAudio without blocking all
> > > internet access? Locking out specific user IPs in order to enforce
> > policy
> > > is impossible. He's in a military environment and that would not fly.
> > >
> > > Thanks in advance..DP
> > >
> > > Doris E. Pavlichek, CCNA, CCSA/CCSE
> > > GEIS via GE Capital Consulting
> > > 301-340-5674 wk
> > > 202-255-0112 cell
> > >
> > > "Not everything that is counted counts, and not everything that counts
> > can
> > > be counted." - Albert Einstein
> > >
> > > -
> > > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > > "unsubscribe firewalls" in the body of the message.]
> > >
> >
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
