Re: [PLUG] back-hauling or not (was VPN issues)

 > Date: Sat, 24 Jan 2009 22:42:32 -0500
 > From: Robert Spangler <>
 > Subject: Re: [PLUG] VPN issues
 > If you require [a split tunnel] then you should first talk it over
 > [...] with your [boss] and company security before implementing this.

I can't implement it.  It's a unilateral policy from on-high.  All I can
do is work around it so that I can actually get my work done.

 > If this is your company then good luck.

Nope.  It's a 100K+ person multi-national.  ('Nough said.)

 > I can tell you if I were the client I would require you to not expose
 > my network no matter how good/safe you believe you are.
 > Just because something is easy for you doesn't make it right or safe.

This kind of black and white attitude is why everyone hates the InfoSec 
guy (which I am one of, as I noted).  The point is not that I think I am 
safe or that it's easier, the point is that this "security" policy 
PREVENTS ME FROM DOING ANY WORK.  As any security person knows, security 
is a trade-off and is never an absolute.  Preventing work from getting 
done is a bad trade-off from a business perspective and in the Real 
World(tm) the business case is going to trump the security case, 
especially when the security case (exposure) is arguable at best.

Having said all of that, I appreciate people looking out for and being 
aware of security issues.  It's just not always as clear cut as we'd all 
like...  And back-hauling is a particular pet peeve of mine, as I've
run into similar issues lots of times before and have found this 
particular cure to be worse than the disease.

JP Vossen, CISSP            |:::======|
My Account, My Opinions     |=========|
"Microsoft Tax" = the additional hardware & yearly fees for the add-on
software required to protect Windows from its own poorly designed and
implemented self, while the overhead incidentally flattens Moore's Law.
