Posted by on September 25, 2006, 6:33 am
Leythos wrote:
> chilly8@hotmail.com says...
> > X-No-Archive: Yes
> >
> > Leythos wrote:
> > > charlesnewman1@comcast.do.not.spam.me.net says...
> > > > > White lists are built based on a customer's needs, we use them with every
> > > > > company, and we have multiple levels of filtering based on the user
> > > > > type/group/level. As an example, basic level employees don't even get
> > > > > internet access in most companies, medical claims people only get access
> > > > > to the claims partner websites, managers get a very locked down set of
> > > > > site definitions, even IT has restrictions.
> > > > >
> > > > > The idea that you "Need" access is a myth, very few businesses "Need"
> > > > > unlimited web access, but few are willing to understand that.
> > > >
> > > > It's not a matter of that, it's a matter of how much work IT is
> > > > willing to do. It is far easier to slap WebSense, Cyblock, etc,
> > > > etc, on the network, select the site categories they want
> > > > to block and be done with it. These programs require
> > > > far less work than setting up a whitelist.
> > >
> > > While one requires more work, they do not result in the same level of
> > > protection nor the same level of access.
> > >
> > > With most quality firewalls and a web-blocking service, I can eliminate
> > > IM, WebMail, use of Proxy services, and connections to most sites that
> > > would allow people to reach home/their computers. The problem is that
> > > people expect their work to provide them play time while at work, which
> > > is not ethical. Many businesses are moving to no-internet access except
> > > for those that have a real business need and then it's based on a white
> > > list.
> > >
> > > It's not more work, as there are a limited number of sites for most
> > > businesses that they need to approve.
> > >
> > > One of these days, Charles, you will understand how easy it is to
> > > protect a network, and not using the toys you know about.
> > >
> >
> > There is one thing you and Charles both overlook. That is the fact
> > that citywide WiFi is available in many areas, either provided by the
> > city, or through a commercial venture. Wireless ISPs (wISPs) use the
> > same 802.11 standard as your home or office access point. Someone could
> > disconnect from the office network and sign on to the citywide WiFi
> > network, and totally bypass your firewalls and everything else. If there
> > is any citywide WiFi network, whether provided by the city, or by a
> > commercial venture, watch out. Someone may well disconnect from the
> > office network and sign on to the citywide WiFi network. Since it would
> > be the wISP that would be handling the traffic, the activity would not
> > show up in any of the network logs. Heck, someone could even bring in
> > their own laptop and plug into the citywide WiFi network (if your city
> > has one).
> > And there are ways to hide one's activity. There is the caller to
> > my online talk show, who called in from her workplace in Vegas, and
> > she was able to do it in a way where the boss would have NO CLUE as to
> > what she was up to. And being that I only stream at 24K, when I do my
> > talk show, that would only amount to a few megabytes a day, overall, if
> > someone listened to the entire 2-hour program. That would be no more
> > than an average day's Web browsing, so it would not stand out for
> > any excessive bandwidth usage. And I am seeing more listeners coming in
> > from workplaces all over the USA, when my talk show is on the air.
> > Because of the low bandwidth usage, the boss would have no CLUE they
> > were listening to an online talk show for 2 hours.
>
> Wrong, wireless would mean they have to have some control, and it would
> typically also generate packets we would see during a network transition
> - provided they could do it on their computers.
>
> If a call is made from a facility, using the network or phone system, it
> can be seen.
>
> You are only seeing traffic from improperly secured networks.

Well, what hour of the day I do my show depends on where I am in the
world. I was in the USA the other day, and was on during the "working
hours" in the western USA. That is when I had the caller from Vegas on
my program.

I am in Europe for a couple of weeks to cover figure skating
competitions here, and I was doing my show during the hours of 10AM to
12PM CET, and I could see a lot of connections from workplaces in Europe
during that time. In the chat room I have associated with the show,
there were a lot of European listeners sneaking onto their home
computers (broadband is more widespread in Europe) and listening to my
show that way. I did also see a lot of connections via Tor and
Corkscrew nodes.

If I keep the bitrate down, and the bandwidth usage low, listening
to the entire 2 hour program would amount to no more than a few
megabytes per day, well below what might trigger any suspicion, since
it would look like normal Web traffic coming in via the HTTP protocol.

Any European sysadmins monitoring their systems between 10AM and
12PM CET would have seen some strange traffic on their networks, but
the low bandwidth usage would make it look like normal Web traffic, on
port 80, and they would have NEVER been the wiser to what was really
going on at a particular user's workstation.

I wonder what will happen when we go to do live audio from the
Nebelhorn trophy later on this week. On Thursday and Friday, it will be
during the working hours in Europe. Part of the Friday schedule falls
during the working hours in the Eastern USA, so admins in the USA might
have a few problems detecting it as well.
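
Added example, not part of any poster's message: a defender's view of the two positions argued in this thread, checking each proxy/flow record against a whitelist and against connection duration and rate rather than total volume. The log format, hostnames, allowlist and thresholds are all constructed assumptions; the second record models a 24 kbit/s stream held open for about two hours.

```python
# Constructed sample proxy/flow records (not from the thread):
# start_time client dst_host dst_port duration_s bytes_in
SAMPLE_LOG = """\
2006-09-25T10:00:05 10.0.4.17 claims.partner.example 80 12 48211
2006-09-25T10:01:40 10.0.4.17 radio.stream.example 80 7150 21450000
2006-09-25T10:02:11 10.0.4.22 intranet.corp.example 80 3 9120
2006-09-25T10:05:00 10.0.4.31 news.site.example 80 45 1830000
2006-09-25T10:07:30 10.0.4.22 claims.partner.example 80 1900 640000
"""

ALLOWLIST = {"claims.partner.example", "intranet.corp.example"}  # hypothetical approved sites
MIN_DURATION_S = 1800   # assumed threshold: 30 minutes on a single connection
MAX_STREAM_KBPS = 128   # assumed ceiling for a low, steady, audio-like rate


def parse(line):
    """Split one whitespace-separated record into typed fields."""
    ts, client, host, port, dur, nbytes = line.split()
    return {"ts": ts, "client": client, "host": host, "port": int(port),
            "duration": int(dur), "bytes": int(nbytes)}


def avg_kbps(rec):
    """Average inbound rate of the connection in kilobits per second."""
    return rec["bytes"] * 8 / 1000 / max(rec["duration"], 1)


def review(log_text):
    """Return (client, host, reasons) for each flow worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse(line)
        reasons = []
        if rec["host"] not in ALLOWLIST:
            reasons.append("not-on-allowlist")
        # Duration and rate, not byte count: a slow stream is small but long.
        if rec["duration"] >= MIN_DURATION_S and avg_kbps(rec) <= MAX_STREAM_KBPS:
            reasons.append("long-lived-low-rate")
        if reasons:
            findings.append((rec["client"], rec["host"], reasons))
    return findings


if __name__ == "__main__":
    for client, host, reasons in review(SAMPLE_LOG):
        print(client, host, ",".join(reasons))
```

The last sample record is an allowlisted site that also trips the duration rule, so the heuristic needs triage rather than automatic blocking.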