Re: [PLUG] iptables question on redirection & circumvention reporting

brent timothy saner on 22 May 2017 18:23:50 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] iptables question on redirection & circumvention reporting

From: brent timothy saner <brent.saner@gmail.com>
To: plug@lists.phillylinux.org
Subject: Re: [PLUG] iptables question on redirection & circumvention reporting
Date: Mon, 22 May 2017 21:23:34 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:references:from:openpgp:message-id:date:user-agent :mime-version:in-reply-to; bh=l+U7HsoXlhdntfhg2NCRhG5lKUpv7gYjemuZnUk5otk=; b=dqJ88dUKRHp/kqt2TXe9MCShh6jOBPH3MI3xvBIbocFycWvbVZDcTYbZmQp2v87ccA uob9dgqPdxDEuHDTBtrhSPoWuC96sUpfiNgpYPGPNu5I2rvxzR+qIFKe98AWiyjoTKZy aduRF+Y15ZWSRLg+4floBXDIMUzLcC0uc+CQvKzJlSSRWAhQs7Gidfvub79XRu4qC07L WUS5w9TJzXzRAZzOHzs+u7wgGygX2+H3cS6aMC1Sm9SpLadMxccLFpVbSI3YdFc8Z1b0 QjxCPn/oopJjmr4/xemYGF35Yd47RJ4solN2BmOi+cQl5ebElxzPjHBE8v5/NiBQTls9 Gygg==
Openpgp: id=748231EBCBD808A14F5E85D28C004C2F93481F6B
Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sender: "plug" <plug-bounces@lists.phillylinux.org>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.1.1

On 05/22/2017 09:11 PM, Christopher Barry wrote:
> On Mon, 22 May 2017 15:41:24 -0400
> Thomas Delrue <delrue.thomas@gmail.com> wrote:
> 
>> Hello,
>>
>> I have an internal network with a couple tens-to-hundred devices on it.
> ...snip...
>>
>> Thanks
>>
> 
> Are you a concerned corporate citizen or a monetizing d-bag? If the
> latter, piss off. If the former, read on...
> 
> You're tracking the folks on your network. They don't like that. They
> will always find ways around whatever you do. iptables won't solve
> this problem, sorry.
> 

you say this as if you know for a fact he's responsible for MAKING the
policy. all i got from the email was that he's responsible for
IMPLEMENTING it. often, these are not the same people. telling him to
piss off and being politically charged and/or fatalistic is unhelpful.

additionally, security is not binary. full stop. it is a sliding scale;
the goal, assuming they're trying to do things such as filter malicious
domains via whitelisting or blacklisting (which is a very valid and
useful practice you seem to have forgotten about and would need to be
early in the stack for prevention of malware takeovers), isn't
necessarily to "spy" on the employees or restrict their access (which, i
should note, i take no issue with them doing- it's the company's
network, the company's paying the ISP bill, the company's equipment... i
have my PERSONAL ideas on how BENEFICIAL that would be towards
productivity, but there isn't a sort of ethical high-ground you can take
here).

where was i? right. the GOAL is to LESSEN THE RISK. *that* is the aim of
security. no system is 100% secure against 100% of attacks/attackers.
that's never the goal.

Attachment: signature.asc
Description: OpenPGP digital signature

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

References:
- [PLUG] iptables question on redirection & circumvention reporting
  - From: Thomas Delrue <delrue.thomas@gmail.com>
- Re: [PLUG] iptables question on redirection & circumvention reporting
  - From: Christopher Barry <christopher.r.barry@gmail.com>

Prev by Date: Re: [PLUG] iptables question on redirection & circumvention reporting
Next by Date: [PLUG] FOSSCON 2017 Registration and speaker teasers
Previous by thread: Re: [PLUG] iptables question on redirection & circumvention reporting
Next by thread: [PLUG] FOSSCON 2017 Registration and speaker teasers
Index(es):
- Date
- Thread