On 8/11/2010 1:47 PM, Stefan Monnier wrote: >> At $work, we're having more and more problems with people bringing >> laptops etc from home and plugging them in to the network. The company >> policy has always been against this, but it was never really enforced. >> I want to change that. > What's the intention of this policy? > I ask because, depending on the intention, the best attack may be > very different. > > As a user, I'd look for ways to workaround any technical restriction you > can try to impose (e.g. clone the MAC of my office's desktop), so to > deter people like me, you'll want to combine technical measures with > social measures, or maybe you'll want to add measures that check that > the machines whose MAC you know are indeed who you think they are. > > Or rather than prevent it, you may want to focus on detecting it, so > that you can know who does it. > > Furthermore, you may want to offer some way for users to use their home > laptop in a way that's accepted by corporate policy (e.g. providing > a parallel "unsecured" network), so as to reduce the incentives for > users to break policy. > > > Stefan > _______________________________________________ > mlug mailing list > [email protected] > https://listes.koumbit.net/cgi-bin/mailman/listinfo/mlug-listserv.mlug.ca
Let me say, I'm not trying to be a BOFH. (Though there are days when it seems appealing.) If there is a valid case for giving a device access to the corporate network, it will be done. Looking back at it, the goal is two fold: - to detect illegal devices - block illegal devices I recently found out someone decided they would use their personal laptop instead of the workstation provided to them to do their work. It's been two months! The excuse I received was "I know what I'm doing, nothing will happen". This is what I want to stop. _______________________________________________ mlug mailing list [email protected] https://listes.koumbit.net/cgi-bin/mailman/listinfo/mlug-listserv.mlug.ca
