On Sun, Feb 12, 2012 at 7:51 PM, Krassimir Tzvetanov <mailli...@krassi.biz> wrote:

> Sorry, tough questions only... no answers :)

Not really tough. A good policy is: don't allow personal use of the corporate network. No gmail. No yahoo. No employee-owned devices. No shopping. No nothing. Allow HTTPS only to white-listed sites (e.g., vendor software update services, a github or a sourceforge, if the company uses open source projects, and so on).

Ten years ago that might have sounded draconian. Twenty-five years ago such a policy would have been unthinkable (user-owned network devices? Internet access? what are those things?). But now we have 3G and 4G everywhere. Employees can be connected to the Internet without going through their employers' networks. So why not apply such a policy? I think it's the best approach.

In some cases employees may not be allowed even personal devices connected using public 3G/4G networks (think of sensitive military / research sites), and that would hardly be the end of the world.

Nico

--
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography