Firewalls: Re: Internet security -organ

Firewalls
(July 1995)

Indexed By Thread: [Previous] [Next]

Subject:	Re: Internet security -organ
From:	"Ben Ball" <ben_ball @ qmailgw . Esy . COM>
Date:	14 Jul 1995 10:13:54 -0600
To:	"Wolfgang Hopp" <Wolfgang_Hopp @ bmg . corange . com>
Cc:	"Firewalls List" <firewalls @ greatcircle . com>

                                                         7/14/95     9:40 AM
Subject: RE>Internet security -organization vs. technical solutions

Wolfgang (may I call you Wolfgang?),

Since you've already set up your firewall, no, this is not the right place
for your questions.  However, I'm sure you will get much helpful info from
this group anyway.  They're a very intelligent bunch.

You asked:

>How can we 
>
>       * detect viruses within E-Mail messages (attached files)? 

As with any file you bring into your system, if you're concerned about
viruses, you scan them before you run them.  An e-mail enclosure is just a
file like any other.  As long as you don't execute an infected file, it won't
infect you.

>       * suppress surfing in pornographic sites?

This is probably the easiest one.  You MUST do two things: 1) Hire
professionals with strong work ethics and 2) give them meaningful,
challenging work to do.  If you can't do those two simple things, you'll
never be able to prevent "porno-surf".  You can't legislate morality.  At
best, you could try to keep up with all the sites in the world that you
consider pornographic (hey, then you get to do all the porno-surfing) and bog
your firewall/gateway/router down trying to filter requests to them.  Such an
effort would be an administrative and computational nightmare.  There are no
generic "this is a porno site!" tags and no comprehensive list of sites,
regularly updated, that you could leverage.  This sort of filter is best left
at the physical user level.

>       * establish organizational rules for internet usage 
>        (company policy, internet user agreement...)?

How could you have set up a firewall without having first done this?!?  One
piece of advice:  Don't try to over legislate.  Don't turn a wonderful
resource and business tool into a dirty little secret.  Expect your people to
act professionally and they just might.  Expect them to be sneaky and
wasteful and they probably will.  Educate rather than legislate.  The beauty
of the Internet, especially the Web, is its freeform, constantly evolving,
nature.  The more you try to control something like that, the more you invite
workarounds, dissent, and reduced productivity.  Good luck and welcome to the
world!

--
Benjamin Ball   \ "Maybe all I need, besides my pills and surgery, /
bball @
 esy .
 com   / is a new metaphor for reality?" - Queensryche    \

Follow-Ups:

Re: Internet security -organ
From: sedayao @ argus . intel . com (Jeffrey C. Sedayao)

Indexed By Date	Previous:	Re: UDP Proxying? From: steveg @ cseic . saic . com (Stephen Harold Goldstein)
Indexed By Date	Next:	Re: Quaratined Mail ??? -Thanks for the inputs From: broderic @ zergo . com (Stuart Broderick)
Indexed By Thread	Previous:	Re: THANKS: Summary of known services From: "Jack Stewart" <jack @ macsch . com>
Indexed By Thread	Next:	Re: Internet security -organ From: sedayao @ argus . intel . com (Jeffrey C. Sedayao)