Re: How to do network security

PerfectReign wrote:
> Okay, the fabulous minds at the computer services department have decided
> that all 98,000 of us should be restricted to only appropriate internet
> sites and that all activity should be monitored by our username/password.
>
> So they spend a shitload of money and time and implement Bluecoat proxy
> software (http://www.bluecoat.com/) which does a great job of blocking
> sites like chami.com and devx.com.
>
> However, it has been discovered that ANY microsoft-owned domain will
> completely bypass the proxy. That includes msn.com, hotmail.com and
> whatever.
>
> The reason? They need all ms-owned domains open on port 80 to allow for
> automatic downloads.
>
> LOL!
>

I recently quit a job at a national consulting firm, for which I was a
web application developer. I worked in an office of developers and all
of us were pretty like-minded technologists (not n00bs).

The company decided, however, that since all of the Internet access for
the entire firm was routed through our datacenter (we had an MPLS cloud,
if that means anything to anyone), they would put in a filtering proxy
so that the huge number of temps and consultants we had on staff
couldn't twiddle away our money surfing the 'net. That seemed like a
good idea at first; I was a temp once, I know exactly how often I want
to twiddle away my employer's money.

Unfortunately, this proxy had a built-in blacklist that prevented us
from accessing all software download sites (all the major ones at least;
no download.com, no tucows.com, etc.), which we used all the time to
find handy utilities to do the things we needed to do as software
developers.

One day my boss got completely pissed off at all of this red tape (he
was a really good guy and understood the development mentality), so he
called up the head of IT directly and the conversation went something
like this:

Bossman: "Hello, Head of IT, please."
Head of IT: "Hello?"
Bossman: "Hi, Head of IT, this is Bossman in Somewheresville. This
filtering proxy is preventing me from getting anywhere on the Internet."
Head of IT: "What is the matter?"
Bossman: "I can't even get to Google! I can't go anywhere! Turn that
bull*** thing off!"
Head of IT: "Um."
Bossman: "Do what you have to do, my people can't get their work done. I
want it off TODAY."
Head of IT: "... Okay."

He really said bull***. I overheard the entire conversation, it was
hilarious. IBM does not filter their Internet access for anyone in the
company. You can surf for porno at IBM if you want to. Their rules state
that you can't do anything that would interfere with your colleagues'
work, but other than that, the sky's the limit.

--
Aaron

"Mankind are greater gainers by suffering each other to live as seems
good to themselves, than by compelling each to live as seems good to the
rest." -- John Stuart Mill
.

Loading