The example below is very hard to maintain if one has an IT department that
is in charge of routinely updating corporate software or auditing computers
to ensure compliance to an organization's software agreements/licensing.
I had at one time customized a secure installation of NT with all the tools
that I often use, but when it came time to install a corporate application,
the application wouldn't install because it was dependent on a .dll I
removed. The .dll was not used by any other application I had installed,
but this this application required it to be present.. It was pain to
re-install the .dll as in I had to install a whole bunch of other useful
.dlls to get the one I needed for this overly useless app.
I was informed later, that consultants were not to customize their
installations of any particular operating system since it increases IT's
support responsibility because they are used to assigning machines to
consultants that were installed from the factory. I keep on shaking my
head on how that company actually does anything useful.. :)
/mark
At 07:20 PM 9/20/00 +0200, mouss wrote:
>Hi Jeff
>
>At 17:04 19/09/00 -0500, Jarmoc, Jeff wrote:
>>I'm going to play devil's advocate here.
>
>I appreciate. It's always a good thing to do. truth is the daugther of debate.
>
>
>> > - privacy: who is allowed to see the log reports? the admin is ok, but why
>> > the managers? the FW is here for security not for "spying" the employees.
>>
>>You could argue this. In many companies, the fact that firewall's can be
>>used to monitor employee internet access is one of their biggest selling
>>points. Employer's own the PCs, bandwidth, and even time that employees use
>>for surfing, so why call it 'spying?'
>
>This seems true, but imagine an employer trying to hire someone and saying
>"ok,
>I'll give you access to a PC, but don't forget it is _mine_, and you
>should only use
>it for the company eneift, and I am the one who decides what is good". I'm
>sure the guy
>goes for another company. In other words, while there are some "obvious"
>facts such as
>who owns what in a company, this is only true from a legal viewpoint. If
>my boss
>ever touches my PC, then he will hear about it: eventhough my PC belongs
>to the company,
>it is mine while I work for the company. This is not contradictory. The
>only reason someone
>in the company can use my PC is either they have a problem with me, and
>then they better
>be right there, or the guy asks for my authorization.
>I have nothing against an employer claiming that one should use _his_
>resources the way he
>decides, but ten let him write a formal paper on the usage. Then believe
>me, I won't take any initiative,
>I'll follow the paper. Clearly, this is not what an employer wants.
>
>
>>Is it spying to monitor my home with
>>an electronic surveillance system, or cameras in order to catch someone who
>>breaks in? If not, then how is it anymore spying to monitor usage of my
>>resources to ensure no one is abusing them?
>
>if you set up a camera to watch what yur wife does at home, then this is a
>sort of
>spying and is not good. In other words, if you don't have confidence in people
>you live/work with, then there is a problem anyway.
>Also, as I said above, these are not _your_ resources. You gave them to
>your employees
>to make you earn money. Giving them the freedom to use the resources
>make'em feel
>better, and probaby more productive, which is exactly what you want. do
>they watch porn?
>so what? I prefer to have people who watch porn and are efficient over
>those who are "normal"
>but produce nothing.
>
>> In corporations where proposals
>>are sent by email, and web access can be business critical, is it wrong to
>>keep users from downloading MP3s and surfing for porn while other, business
>>critical traffic, is forced to queue up or time our entirely?
>
>This argument is almost reasonable. However, let's just take email. This
>is a forward
>and store protocol. In other words, it is difficult to say when the
>message will arive since
>it depends on the config of all the relays between the systems (this is
>not a stupid choice,
>it is reasonable: you don't wanna deliver messages when you receive them,
>but on a periodic
>basis). Let's now tae the web. seen how long it takes to download pages?
>This is primarily
>because there are too much users compared to the lines ISPs have
>installed. In other words,
>the problem is that the available resources are inadequate, and not
>because of users but because
>of financial decisions by ISPs and by companies. Believe me or not, I have
>less problems connecting
>to the net from home than from my office (though the company pays the high
>price!), just because the
>office is conected to a very used network.
>
>But let's imagine you're right. Then it is a question of priority. Why
>would I not surf just to let the sals director
>get his email/web pages qucikly? Is his work more important? How can one
>says if my surfin is good or not?
>After all, all I've learned comes primarily from publicly available
>network resources. How much would a boss
>pay for all that stuff if it was not available on the network?
>
>
>
>
>
>>This is an educational issue. It's important to inform people about how to
>>read reports.
>
>Here I fully disagree. Educational issues are the one to stay unsolved, if
>nt for eternity,
>then for very long. Yo can tell them what you want, there are things that
>you can't change
>in people behaviour. I hear'em say "Don't repeat it, it's a secret, but
>you're my friends so I'll
>tel you: Bob porn-surfed yesterday" (I'm proud of my "porn-surfed" word!).
>Also, when you
>know something, you can't act as if you don't. The day the guy infuriates
>you for some reason,
>you'll find it hard not to repeat what you know.
>
>
>
>>I think most managers I've encountered are as much concerned
>>with the type of content as they are with the duration of it's viewing.
>
>The problem is that they are not competent in this area. If content type
>control is to be enforced, then the decision and the contro are to be
>in the hands of the "strategic" staff, not the managers. If personnal
>opinions should ever come to play, then they should be those of "strategic"
>staff, as the conseuqnces may be very dangerous.
>
>
>
>>This is true, but somewhat akin to saying that people will waste time, so
>>why try to stop them. Besides, I think the concern is not so much users
>>wasting time as it is the fact that they're wasting resources. Those
>>resources could be helping someone else who is working and bringing in
>>business to the company actively.
>
>Right, but if it is a resource sharing proble, then "active" control is
>not necessary.
>react when your connection is bad because of "free surfing". Then if you
>have reasonabl people at the office, you'll come to a peaceful solution. If
>you have egoist people, then no solution is good, it'll be the jungle law:
>those who
>have the power will have the connectivity.
>
>
>> > The only reason I see for limiting access is for legal or reputation
>>problems.
>> > but that's a long long story. After all, I'm not a lawyer :)
>>
>>That's obviously a concern too. Especially under the broad definition of
>>'hostile workplace'
>
>
>
>cheers,
>
>mouss
>
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
