I don't understand how "hurt feelings" got into this but email can drift off
topic in a flash. And how is anyone going to know you're monitoring a port
unless you advertise it? Is this water cooler chat? Not much security there.
Soapbox email.
Why would I be embarrassed about doing my job, monitoring firewall traffic?
Jumping to strange conclusions...
In an attempt to return to the original thought...
If you are going to monitor employees, users and/or network traffic, you
need to have what is called an "Unauthorized Use.." statement before a user
signs on. This has been a common topic (and common knowledge) in security
seminars given by security organizations. Attorneys need some information
that allows them to hold a hacker's feet to the fire for violating. Passages
like "log off if you're not a valid user" are in fact worthless. Why? Easy.
Say it's a new user at a company or at a university. At many universities
there are menus for new students to use to obtain an account. At the time
the student first logs on though, they are not a valid user. There are
several boiler-plate examples in firewall books that put some teeth into an
"Unauthorized Use.." statement.
And believe it or not, there's no mention of "hurt feelings".
Good Luck.
> -----Original Message-----
> From: Information Security [SMTP:[EMAIL PROTECTED]]
> Sent: Tuesday, January 19, 1999 10:23 PM
> To: [EMAIL PROTECTED]
> Subject: RE: Content filtering
>
> > Date: Tue, 19 Jan 1999 10:50:32 -0500
> > From: "Knapp, Ken (SD-EX)" <[EMAIL PROTECTED]>
> > Subject: RE: Content filtering
> >
> > Sorry. I can't agree.
> >
> > I used to work for a government law enforcement agency and we enforced what
> > you just stated. Don't steal. That's the example you just wrote and it's not
> > "inconsistent" with the law. To put in place a security policy that enforces
> > this is consistent with corporate and public law, and that is to "not take"
> > something that doesn't belong to you.
> >
> > I believe what Todd said, and please correct me if I'm mis-stating this, is
> > a policy that is "inconsistently more strict.."
>
> Yabut I know Todd, and I doubt he was talking legalistically, like you.
> He talked about "annoying people". Let's call that "systems analysis". ;-)
>
>
> > I'm all for monitoring...
>
> Yet you sound embarrassed by it. "If you invade privacy..."
> Bennett referred to "censor".
>
> Gosh, ain't there a way to monitor firewall traffic
> without running into hurt feelings simply because
> port SMTP is being checked?
>
> Sure: notify all employees that Internet email traffic,
> along with anything else passing through the firewall
> is being monitored. And, of course, state it clearly
> in the employment contract.
>
> When I went in to do email traffic analysis at one site,
> I had to sign a standard (for them) page saying I allowed
> them to monitor my phone conversations.
>
> Did I have hurt feelings that the company wanted to monitor
> its own equipment?
>
> No, especially since I was notified.
>
> People might still have hurt feelings, but at least
> they've been notified.
>
> ----
>
> > I'm all for monitoring, I do with our firewall and have with others.
> > But it's not something I sit there and do all day long.
>
> At some point, that needs to happen, if you're going to have
> content security. I'd say over 50 Mb of email in/out of the
> firewall on a daily basis qualifies. I have a GUI'd security
> tool for doing exactly that.
>
> These are the basic categories of email security incidents:
>
> o employees just trying to get work done
> o employees working on their own jobs while within the firm
> o "Dumb & Dumber"
> o employees within their last two weeks of work (got a new job)
> o idiots (misc)
>
> When I first turned on my (homegrown) email monitoring software
> at a brokerage firm with 7,000 employees, it picked up 38,000 lines
> of proprietary source code within the first three days.
>
> After five months, it was over 400,000 lines of proprietary source code.
>
> And that was just source code. (nor were any keywords used to spot source)
>
> People will rob and expose your proprietary operating information
> left and right, as if they had the gawd-given right to do so.
>
> And we kept telling employees it was monitored.
>
> Anyone not monitoring many megabytes of firewall traffic
> is not performing much of a security role, beyond keeping
> the barbarians coming in the gateway.
> ---guy
>
> Just lipservice.
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]