Ha ha , the irony is I quoted Ed's famous words just a few days ago in an executive briefing.
On Fri, May 9, 2008 at 3:31 PM, Micheal Espinola Jr < [EMAIL PROTECTED]> wrote: > I have to agree with Jason's smart-assed response. :-) > > If you make the data available, someone or something will be able to > replicate it. This is a battle you cannot win. > > http://www.espinola.net/wiki/Crowley's_law > > > On Fri, May 9, 2008 at 3:17 PM, Jason Gurtz <[EMAIL PROTECTED]> > wrote: > >> That is what I want to do. However, people are bypassing. > > > > Oh common users *never* try to do that ;) > > > >> They can access via their home computer. The difference is the home > >> computer is not on their hip around town with a much greater chance of > >> getting lost or stolen. > > > > I guess management is certain that none of your users have a personal > > laptop that they bring into starbucks or on vacation. > > > >> Also, unlike a browser based view, the method they are using is > >> downloading every message, as well as storing the password. > > > > I hope it isn't breaking news that all three of the top browsers (IE, > > Firefox, Opera) will save user login information. Hmmm, what about that > > pesky cache directory... > > > >> So with the blackberry, they aren't just accessing the webpage (in the > >> classic sense) > > > > I hope that smart aleck John Doe from accounting doesn't figure out how > to > > use foo mail utility he found on file forum, or powershell or Perl or > > Python scripting or ... Darnit, is that Jane over there taking CSC > > classes at the local community college? Yikes, and they're learning > about > > networking and http too!? I'm not trying to be denigrating here, but > > hopefully you'll see some of the very real possibilities. (FYI: no less > > than three non-IT personnel here are doing exactly what I am talking > about > > in the latter example). > > > > I think the bottom line is that your problem is one of policy, not of > > inadequate technical solutions. You will have to spearhead a paradigm > > shift away from a reactive and security-through-obscurity based culture > to > > one of proactive and decisive control. One way to start is locking > > certain things behind a VPN. Then, make sure that policy requires the CEO > > or some other high level executive to sign off on requests for access. > > Many users won't even ask. :) At worst, make it policy not to access > > corporate email via BIS. When people do it anyway, document and write > > them up. When people complain about performance point at the policy; > > point at lack of support and enforcement from management. You don't have > > to be offensive, but do lay the facts on the table. > > > > ~JasonG > > > > -- > > > > ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ > > ~ http://www.sunbeltsoftware.com/Ninja ~ > > > > > > -- > ME2 > > ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ > ~ http://www.sunbeltsoftware.com/Ninja ~ > ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja ~
