fedora-users October 2011 archive
Main Archive Page > Month Archives  > fedora-users archives
fedora-users: Re: Remote access

Re: Remote access

From: Marko Vojinovic <vvmarko_at_nospam>
Date: Fri Oct 14 2011 - 12:02:43 GMT
To: users@lists.fedoraproject.org

On Friday 14 October 2011 12:42:03 Ed Greshko wrote:
> On 10/14/2011 07:26 PM, Marko Vojinovic wrote:
> > <quote>
> > A firewall cannot protect a network against its own internal users, and
> > should not even try to.
> > </quote>
> >
> > So, if the OP asks his admin to allow him the access, and is refused, I
> > think it is perfectly legitimate to DIY and pierce a connection through.
>
> I've know a few *former* employees that thought doing so was legitimate.

Legitimate != legal.

A serious admin should take the time do explain the security implications to
the user, and persuade him not to do what he wants to do, while providing the
user with a legal alternative. Failing that, the admin has no operational
control over the user piercing the firewall. The admin is actually at the mercy
of user's understanding of security and compliance with the "company rules"
that the admin cannot actually enforce in practice. Both the admin and the
user (and their bosses) should be aware of that. The firewall is *not* a
security measure against insiders, but only against outsiders.

Legal actions against users that disobey company policies is an entirely
different topic, and should be handled on a case-by-case basis. Sometimes they
have merit, sometimes they don't. It is up to the OP to judge the legal
consequences of his own actions.

Have you ever crossed the street when the red light was on for pedestrians, in
a situation when there were no vehicles in the street? Was that legitimate?
Was it legal? Was the rule enforceable? Was breaking the rule possible? One
should make sharp distinction between each of those questions.

Best, :-)
Marko

-- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines