* Posts by Big Ixie

2 publicly visible posts • joined 26 Sep 2007

IT managers caught in employees' illicit networks

Big Ixie

You're slipping

*It seems to me that you can't expect human personal lives to completely disappear when they come into work.*

If you give a luser an inch... If you feel that the policy is absurd then change it. But once a policy is in place it's not the BOFH's place to question it, only to enforce it. And realistically speaking, clamping down on luser abuse of Internet connection makes an admin's job so much easier. Because it's easier to prevent than to fix.

If users are a security threat, how do you manage them?

Big Ixie

No education

No. Don't even try to educate users. It does not work. Has the BOFH taught you nothing? I'm serious. There's no way to educate a person in a field they haven't got the intellectual background for or any affinity with whatsoever, such as computer security. Offer them a simple procedure to follow and use a cattleprod ie. serious consequences for the stupid luser who doesn't follow them to the letter. Offer incentives to the ones that do. Carrot and stick. Random sudden checks to see who if they have a password, if the password is strong enough and if they can enter it from memory. It is NOT possible to educate users, but it is perfectly possible to train them like dogs.

That is, if you really care about your company's informational security.