On Sun, Feb 12, 2012 at 9:52 PM, Nico Williams <n...@cryptonector.com> wrote:
> On Sun, Feb 12, 2012 at 7:51 PM, Krassimir Tzvetanov
> <mailli...@krassi.biz> wrote:
>> Sorry, tough questions only... no answers :)
>
> Not really tough. A good policy is: don't allow personal use of the
> corporate network. No gmail. No yahoo. No employee-owned devices.
> No shopping. No nothing. Allow HTTPS only to white-listed sites
> (e.g., vendor software update services, a github or a sourceforge, if
> the company uses open source projects, and so on).
>
> Ten years ago that might have sounded draconian. Twenty-five years
> ago such a policy would have been unthinkable (user-owned network
> devices? Internet access? what are those things?). But now we have
> 3G and 4G everywhere. Employees can be connected to the Internet
> without going through their employers' networks. So why not apply
> such a policy? I think it's the best approach. In some cases
> employees may not be allowed even personal devices connected using
> public 3G/4G networks (think of sensitive military / research sites),
> and that would hardly be the end of the world.

This response is off-topic, but as much as I agree with this, I also think that it is totally unrealistic. Why? Because there is a groundswell of BYOD at companies and for the most part, it seems to be being pushed, not by the techies, but rather by the upper level executives. And when it gets right down to it, it's hard to tell your CEO or CFO that they may not bring their iPad2 to the office and connect to the company network, or connect it to the internal company network through a VPN when they are off-site. So you had better find a way for them to do it safely and securely or you will find yourself looking for another job. So we need to find a way to deal with it as it's only going to get worse.

-kevin
--
Blog: http://off-the-wall-security.blogspot.com/
"The most likely way for the world to be destroyed, most experts agree,
is by accident. That's where we come in; we're computer professionals.
We *cause* accidents." -- Nathaniel Borenstein
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography