Zactly! Which is why we Do NOT allow non corporate devices to connect. Our policy is quite clear and gone over at new hire orientation.
----- Original Message ----- From: Micheal Espinola Jr <[EMAIL PROTECTED]> To: MS-Exchange Admin Issues <exchangelist@lyris.sunbelt-software.com> Sent: Fri May 09 15:31:50 2008 Subject: Re: Personal Blackberries I have to agree with Jason's smart-assed response. :-) If you make the data available, someone or something will be able to replicate it. This is a battle you cannot win. http://www.espinola.net/wiki/Crowley's_law On Fri, May 9, 2008 at 3:17 PM, Jason Gurtz <[EMAIL PROTECTED]> wrote: >> That is what I want to do. However, people are bypassing. > > Oh common users *never* try to do that ;) > >> They can access via their home computer. The difference is the home >> computer is not on their hip around town with a much greater chance of >> getting lost or stolen. > > I guess management is certain that none of your users have a personal > laptop that they bring into starbucks or on vacation. > >> Also, unlike a browser based view, the method they are using is >> downloading every message, as well as storing the password. > > I hope it isn't breaking news that all three of the top browsers (IE, > Firefox, Opera) will save user login information. Hmmm, what about that > pesky cache directory... > >> So with the blackberry, they aren't just accessing the webpage (in the >> classic sense) > > I hope that smart aleck John Doe from accounting doesn't figure out how to > use foo mail utility he found on file forum, or powershell or Perl or > Python scripting or ... Darnit, is that Jane over there taking CSC > classes at the local community college? Yikes, and they're learning about > networking and http too!? I'm not trying to be denigrating here, but > hopefully you'll see some of the very real possibilities. (FYI: no less > than three non-IT personnel here are doing exactly what I am talking about > in the latter example). > > I think the bottom line is that your problem is one of policy, not of > inadequate technical solutions. You will have to spearhead a paradigm > shift away from a reactive and security-through-obscurity based culture to > one of proactive and decisive control. One way to start is locking > certain things behind a VPN. Then, make sure that policy requires the CEO > or some other high level executive to sign off on requests for access. > Many users won't even ask. :) At worst, make it policy not to access > corporate email via BIS. When people do it anyway, document and write > them up. When people complain about performance point at the policy; > point at lack of support and enforcement from management. You don't have > to be offensive, but do lay the facts on the table. > > ~JasonG > > -- > > ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ > ~ http://www.sunbeltsoftware.com/Ninja ~ > -- ME2 ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja ~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja ~
