[SATLUG] End Runs article from Wall Street Journal

[John C]

Charles Hogan wrote:
> 1. How to send giant files
> Set up a server specifically for this task.
> Tailor the server to the users needs, (ie.. let sales people set-up
> their own address books, etc...).
>
> 2. How to use software that your company won't let you download
> Block site with web-alternatives.
> Dump MS and set noexec option when mounting partition with home
> directories.
> Tighten user privileges.
> If this fails, or is not an option - initiate upgraded security
> policies, (read BOFH harassment strategies,) for the user.  (Force
> password changes randomly, purge personal settings randomly,
> gratuitously reorganize user's home directory...)
>
> 3. How to visit the Web sites your company blocks
> Block the proxy sites as well
> Upgrade security policies for habitual offenders. :)
>
> 4. How to clear your tracks on your work laptop
> Teach them how to do this.  If they aren't doing this already, they
> should probably be fired.
>
> 5. How to search for your work documents from home
> Thin-clients at the office with users home directories on a central
> server, and give them ways to VPN to the server if they need to.
>
> 6. How to store work files online
> See 5.
> For Offenders:
> Block all access outside of the company net.
> Give them all the free time they need to seek other employment.
>
> 7. How to keep your privacy when using Web email
> Set-up company web-mail servers and require SSL encryption on them.
> Harsh penalties for using personal accounts for work related purposes.
>
> 8. How to access your work email remotely when your company won't
> spring for a BlackBerry
> Set-up company web-mail servers and require SSL encryption on them.
> Have a friendly chat about how the employee needs a social life that
> shouldn't include the need for a "work break".
>
> 9. How to access your personal email on your BlackBerry
> Don't give them a BlackBerry.
>
> 10. How to look like you're working
> If they are still able to get their job done in a timely and efficient
> manner, don't worry about it.
> If they have pressing deadlines and are caught, ask them how they
> would like to look as though they are unemployed.
>
> :)
>
> Thomas King wrote:
>> I'd like to hear how the sys admins on this list would handle locking
>> down the
>> end runs described in this WSJ article:
>> http://online.wsj.com/article/SB118539543272477927.html?mod=todays_us_nonsub_journalreports
>>
>>
>> If it prompts you to register, I was able to get to the article from
>> here:
>> http://blogs.techrepublic.com.com/hiner/?p=528
>>
>> I personally want this to be a learning experience, not a pi**ing
>> contest.
>>
>> Tom
if you want absolute security...create a whitelist of sites and allow
access only to those sites per user login

some users get higher level access than others obviously.

but i work in an environment where we are locked down about as tight as
you can get...no yahoo mail, no aol mail, no hotmail, no shopping sites,
no proxy sites unless in your our competitive comparison group and need
to access our competitors anonymously, and under no circumstances are
external connections allowed...and you know what? the proliferation of
sprint/verizon wifi cards has more than tripled. we're the best thing
that's ever happened to these companies.

the use of cell phones for texting/email has also skyrocketed and we
wind up looking dumb to our clients..."can you look at this on our web
site?" "no..i'm sorry. we are not authorized to view sites that are not
previously approved by management. we'll have to wait for someone with
full access to come in before we can authorize that"

heck...they even tried to block the use of firefox...which had me
kicking and screaming because firefox is vital in my job...as i have to
peruse scary sites with sometimes malacious content. i need no-script up
and running.

and if that isn't enough...we have landesk which seems to die everyone
someone sneezes in our office. i don't know what's up with that.