brent timothy saner on 22 May 2017 18:23:50 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] iptables question on redirection & circumvention reporting

On 05/22/2017 09:11 PM, Christopher Barry wrote:
> On Mon, 22 May 2017 15:41:24 -0400
> Thomas Delrue <> wrote:
>> Hello,
>> I have an internal network with a couple tens-to-hundred devices on it.
> ...snip...
>> Thanks
> Are you a concerned corporate citizen or a monetizing d-bag? If the
> latter, piss off. If the former, read on...
> You're tracking the folks on your network. They don't like that. They
> will always find ways around whatever you do. iptables won't solve
> this problem, sorry.

you say this as if you know for a fact he's responsible for MAKING the
policy. all i got from the email was that he's responsible for
IMPLEMENTING it. often, these are not the same people. telling him to
piss off and being politically charged and/or fatalistic is unhelpful.

additionally, security is not binary. full stop. it is a sliding scale;
the goal, assuming they're trying to do things such as filter malicious
domains via whitelisting or blacklisting (which is a very valid and
useful practice you seem to have forgotten about and would need to be
early in the stack for prevention of malware takeovers), isn't
necessarily to "spy" on the employees or restrict their access (which, i
should note, i take no issue with them doing- it's the company's
network, the company's paying the ISP bill, the company's equipment... i
have my PERSONAL ideas on how BENEFICIAL that would be towards
productivity, but there isn't a sort of ethical high-ground you can take

where was i? right. the GOAL is to LESSEN THE RISK. *that* is the aim of
security. no system is 100% secure against 100% of attacks/attackers.
that's never the goal.

Attachment: signature.asc
Description: OpenPGP digital signature

Philadelphia Linux Users Group         --
Announcements -
General Discussion  --