Rob wrote:
Rufus <[email protected]> wrote:
However, external usenet servers cannot be configured because the
network does not allow connections from the workstations to the internet.
(browsing is via a proxy server)
Most business networks at least have a firewall.
In my environment it would be possible to get around that because of how
we configure...and most certainly for an employee that took his issue
laptop home and operated on/from/with his own home net ISP - which we
have ways to do, for work from home.
That is actually quite dangerous. When you value the integrity of
the network, you should not allow the end-users to install software
and change network settings to have direct connections to the internet.
It is practically unavoidable to get malware that way.
Which is and will always be a real concern if one allows the user to
roam with a mobile device, and why we can only get Firefox from our own
internal servers. Even though we can grab pictures, .pdfs, etc. from
about anywhere. Which yes - is another hole.
When our users take their laptop home, they connect to the company
via a VPN and all activity is via the company proxy and firewall, so
all scanning and filtering is in effect. Users are not administrators
of their laptop. The firewall on the laptop does not allow any internet
traffic except to our VPN server.
...and there's an additional issue if you also allow the user to access
your VPN using their home machine - which is why there can still be
holes in a roaming situation, IMO.
When personal devices are taken into the company, they cannot connect to
the LAN. They can use the WiFi to connect to the internet, and there
they can use the access to applications that is available for internet
users (like webmail).
We don't allow personal devices on our premises. Period. They have to
be left in at home, or in the car. It *is* possible for internal users
to access webmail, but we're on our honor not to do so.
This isolation is very important. Many companies who did not do this
have been in the news as having been hacked.
Yup. Because there is *always* a way in if someone targets you hard.
--
- Rufus
_______________________________________________
support-seamonkey mailing list
[email protected]
https://lists.mozilla.org/listinfo/support-seamonkey
