> I haven't seen the media release for CIFS forwarded here (and I've
> deleted it), but have a read of the following spec:
> (errr, please use the internet-drafts cache closest to you).
> The question is, do you let it through your firewall when your
> CEO asks for it ?
The risk management answer has to be that you only permit that which can
be permitted under the requirements of the risk policy. Anything which is
outside those requirements has to be held or rejected until such time as
someone decides that the rules have changed.
The reality unfortunately is that the people controlling the gateways are
often a fair way down the corporate structure from the CEO (and often less
exaulted beings) and depend on a pay check to feed the family.
Its a tough call.
Do you stick on principle? The CEO may not like it when you say he is
wrong and you may get fired or life becomes so bad that you leave.
OTOH if you give way and your system gets shredded, the boss who was such
a moron not to let you do your job right is not going to accept any part
of the blame and you could find your head on a pike outside the front
So maybe the call is between pain today, or extreme pain later. You should
know your own CEO and your personal needs, but if you dont the right thing
to do is attempt to do your job right which is observing the policy
Aint life a bitch?