Great Circle Associates Firewalls
(September 1997)

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: RE: simple question
From: harley @ icrf . icnet . uk
Date: Mon, 15 Sep 1997 12:31:03 +0100 (BST)
To: firewalls @ GreatCircle . COM

> I reiterate:  If you leave security decision up to
> the end user, you expose yourself to an un-
> known variable:  what will they do.

Of course.
> In many companies I work with, I would have
> a hard time even getting some of the staff to
> understand *what* and executable file is . . .
> forget trying to teach them to *not* execute
> the file unless it is from a reliable source.
This is not an unfamiliar story. But discarding all
possibly dangerous mail and downloads is not always
acceptable, however convenient it would be for IT.
That's institutionalized denial-of-service. Of course
it's best to take dangerous decisions out of the hands
of the technically-disadvantaged wherever possible, 
but the tail should not be wagging the dog. Most of us
are here to help our users function, not to hinder them.
(Or at least hinder them no more than is necessary.)

> I am reminded of the story of the woman who
> called for tech support and asked, "When I
> point the remote at the monitor and press the
> button, my computer won't come on."  Of course,
> she was holding her mouse.  This is a true
> story.

I imagine we all have stories like this. But security
is always a trade-off. Let's not lose sight of what
we're actually here for. It -isn't- to make our users
working lives unnecessarily difficult.

David Harley                  |              alt.comp.virus FAQ
D .
 Harley @
 icrf .
 icnet .
 uk        |           & Anti-Virus Web Page
Support & Security Analyst    |    Folk London On-Line gig-list
Imperial Cancer Research Fund |

Indexed By Date Previous: Reseller support in Australia
From: Daniel Baldoni <dbaldoni @ freport . wa . gov . au>
Next: Re: WatchGuard for Linux
From: Peter da Silva <peter @ baileynm . com>
Indexed By Thread Previous: RE: simple question
From: Stephen Greenwalt <StephenG @ DENVERSYS . COM>
Next: RE: simple question
From: David Harley <harley @ icrf . icnet . uk>

Search Internet Search