Home page logo

firewall-wizards logo Firewall Wizards mailing list archives

Re: Linked-in and its Phishing-like contacts option!
From: Jim Seymour <jseymour () LinxNet com>
Date: Fri, 26 Apr 2013 11:38:48 -0400

On Wed, 24 Apr 2013 19:26:01 +0000
"Gautier . Rich" <RGautier () drc com> wrote:

Thoughts? I'm wondering why User Operational Security falls under the
realm of Firewall Wizards..

I think of it this way: Firewall security, in and of itself, doesn't
get the job done.  You may have the most bullet-proof border the world
has ever seen, but, unless that bullet-proof-ness means essentially
blocking everything, both incoming and outgoing, it will not be
enough.  A layered defense is mandatory.  One of those layers is
end-user operational security.

Our goal is to protect the organizational jewels, no?

Besides: We've pretty-much beaten stateful/deep-packet inspection vs.
application proxy to death, no? :)

... plenty of users seem to
be perfectly willing to accept the risk (or be unaware of it).

Both, IME.

However, not much you can do on the firewall side other than turning
off webmail access...

Turning off webmail access?  How would one accomplish  that, exactly,
without essentially turning off web access entirely?

As for LinkedIn: I've received so many LinkedIn emails reported as spam
at work that they've occasionally been there.  I may have them listed
on my mailserver at home, for the same reason. (Possibly so. Can't say
as I've seen LinkedIn spam for a while.)

This nonsense of them asking for "work email password" is grounds, in
_my_ view, to block them entirely.  That's intolerable.  I'm going to
see if I can do that.

But I'm old school.  I don't believe convenience, golly-gee-whiz-bang,
and _especially_ "social networking" ought to trump security.  Generally
my bosses tend to agree. (Esp. ever since a couple of the Big Guys
attended some-or-another network security briefing, which incl. a
retired FBI agent, and were told that "whatever your network security
is, it's probably not good enough" and "for God's sake, whatever you
do, do not lose your network geek" ;).)

Note: My mail server employs *very* aggressive anti-spam
filtering.  If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at <http://jimsun.LinxNet.com/contact/scform.php>.
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]