|brent timothy saner on 22 May 2017 18:23:50 -0700|
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
|Re: [PLUG] iptables question on redirection & circumvention reporting|
On 05/22/2017 09:11 PM, Christopher Barry wrote: > On Mon, 22 May 2017 15:41:24 -0400 > Thomas Delrue <email@example.com> wrote: > >> Hello, >> >> I have an internal network with a couple tens-to-hundred devices on it. > ...snip... >> >> Thanks >> > > Are you a concerned corporate citizen or a monetizing d-bag? If the > latter, piss off. If the former, read on... > > You're tracking the folks on your network. They don't like that. They > will always find ways around whatever you do. iptables won't solve > this problem, sorry. > you say this as if you know for a fact he's responsible for MAKING the policy. all i got from the email was that he's responsible for IMPLEMENTING it. often, these are not the same people. telling him to piss off and being politically charged and/or fatalistic is unhelpful. additionally, security is not binary. full stop. it is a sliding scale; the goal, assuming they're trying to do things such as filter malicious domains via whitelisting or blacklisting (which is a very valid and useful practice you seem to have forgotten about and would need to be early in the stack for prevention of malware takeovers), isn't necessarily to "spy" on the employees or restrict their access (which, i should note, i take no issue with them doing- it's the company's network, the company's paying the ISP bill, the company's equipment... i have my PERSONAL ideas on how BENEFICIAL that would be towards productivity, but there isn't a sort of ethical high-ground you can take here). where was i? right. the GOAL is to LESSEN THE RISK. *that* is the aim of security. no system is 100% secure against 100% of attacks/attackers. that's never the goal.
Description: OpenPGP digital signature
___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug