RE: Browser Hijackers
- From: "Quillman Shawn (RBNA/CSA1)" <Shawn.Quillman@xxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Tue, 6 Apr 2004 16:41:47 -0400
Amen.
<soapbox name="rant">
And really it all comes back to what your policy is in the first place. You
can build your policy however the heck you want, allowing/disallowing whatever
the heck you want. It's up to you (being the
corporation/company/business/etc). Allow IM. Allow sports. Hell, allow day
trading. If the "tool" is required or otherwise allowed that's up to you and
you should put it in your policy. But at some point it becomes just that:
policy. People get fired because they violate some kind of policy. What the
heck is the point of having a security policy if you don't enforce it? People
that intentionally do things to circumvent it need disciplined. And what the
heck is the point of having a security policy if it doesn't match what your
requirements are? If you are truly ignorant/uninformed then a slap on the hand
or other gentle "you messed up" is good. But, as Jim says, the "I have a right
no matter what your freakin' policy says" folks need to have it explained to
them in a different way. You only need to be hard on users who make it hard on
themselves. If you adopt some general catch-all security policy and don't
tailor it to your needs, then you're making it hard on yourself as an
admin/corporation/entity.
One last thought: I feel for all of you out there who are going to come back
with "But my boss won't allow me to enforce the policy". Put some kind of
cover-your-a$$ measure in place and send things uphill when they go south on
you.
</soapbox>
-Shawn
-----
Shawn R. Quillman
Robert Bosch Corporation RBNA/CSA1
38000 Hills Tech Drive
Farmington Hills, MI 48331
(248) 553-1164 (P) (248) 848-6969 (F)
shawn.quillman@xxxxxxxxxxxx
-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Tuesday, April 06, 2004 4:22 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Browser Hijackers
http://www.ISAserver.org
Hi Amy,
I only resort to "the tool" when they refuse to "play nice with the other kids".
There's always one or two in the bunch that haven't moved beyond emotional
adolescence, and these are the ones I usually swing on.
Everyone gets many tries at absorbing facts and adjusting their own behavior; I
have just have no tolerance for the "I have a right"
mentality that usually forces a network admin to post questions like these.
Case in point:
Occasionally, a virus will make its way into the hallowed halls of Borgdominium
(no; really - it's happened!) and our ever-vigilant
network admins will start shutting down switch ports in an effort to contain
the beast.
Unfortunately, we have a greater-than-normal quantity of per-capita ego here.
These folks of the monster-ego bent who find themselves cut off from the
network will, instead of trying to clean up their machines,
run a network cable to their neighbor's office.
My favorite game in those times is "cut the cable" and I keep a pair of sharp
lineman's scissors (t-phone guys know these little
gems -they can cut pennies!) for just such an event.
I just love hearing them scream about calling security because their "tap
regeneration" was intentionally destroyed...
Jim's Rules of User-Engagement:
1. ignorance is allowed once and only once. I'm more than happy (and
available) to educate Joe (and Jane) user, but they have a
communal responsibility to exercise
2. forgetting the ignorance cure is allowed once and only once. Everybody
experiences cranial effluvium on occasion and forgiveness
is next to godliness
3. "oh, yeh, huh?" earns Joe (or Jane) User an out-of consciousness experience
If it sounds like I'm a total jerk, a$$, or any other uncomplimentary
description, you're right, but only when it's obvious that
userX is incapable of seeing past the end of their own nose.
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://www.microsoft.com/isaserver
http://isaserver.org/Jim_Harrison
http://isatools.org
Read the help, books and articles!
----- Original Message -----
From: "Amy Babinchak" <amy@xxxxxxxxxxxxxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, April 06, 2004 12:59
Subject: [isalist] RE: Browser Hijackers
http://www.ISAserver.org
Wow Jim you're so hard on the users. Without computer users I don't have
a job so they've got my respect so matter what predicaments they manage
to get into. These days with so much business dependent on the Internet
and much of it involving surfing for the best deal, managing the
Internet through acceptable use policies and restricting destinations
just isn't feasible in many situations. Where it is it does make sense
to use that tool but it doesn't work for everyone and that's where
cleaning tools become necessary. I've got clients in both situations and
use both methods. But I tell my clients that while security is essential
too much security can be pain in the butt for users; the trick is to
find the line that you want to walk.
Amy
-----Original Message-----
From: Jim Harrison [mailto:jim@xxxxxxxxxxxx]
Sent: Tuesday, April 06, 2004 12:49 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Browser Hijackers
http://www.ISAserver.org
Actually, without the support of "those who make the rules", your ISA
policies are so much floofy stuff.
Get them to publish an "acceptable use policy" for the company and make
the responses commensurate with the violation severity.
Personally, I favor aluminum softball bats as a "user adjustment" tool;
they make such a satisfying "bing" when they make skull
contact.
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://www.microsoft.com/isaserver
http://isaserver.org/Jim_Harrison
http://isatools.org
Read the help, books and articles!
----- Original Message -----
From: "Ray Dzek" <rdzek@xxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, April 06, 2004 09:34
Subject: [isalist] RE: Browser Hijackers
http://www.ISAserver.org
You say that (This is called content or web access control.) so
casually. It's amazing. It just rolls off the tongue.
If I had my way, and I usually do for this sort of thing which is why
this is so frustrating, I would simply yank their access. But there are
others that feel that I have been reading to much BOFH lately and that I
may create a user jihad against I.S. Personally, I don't see the issue.
If you abuse the privilege of the fairly open access that we provide,
you loose that privilege. But this is a new era I guess where I could
hurt somebody's feelings for pointing out that surfing for cell phone
ring tones, wall papers, screen savers, games, or wherever they are
surfing when they download every web bug known for a computer THAT IS
NOT THEIRS was not a proper use of company resources.
Ahhhh ... Thanks for letting me vent. I feel much better now.
Now... Where is that "bigger hammer"?
Ray Dzek
Network Operations Supervisor
Specialized Bicycle Components
PH: 408-782-5420
FX: 408-782-5421
-----Original Message-----
From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx]
Sent: Monday, April 05, 2004 5:16 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Browser Hijackers
http://www.ISAserver.org
This is called content or web access control.
You need to look into controlling website access by users.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
> -----Original Message-----
> From: Ray Dzek [mailto:rdzek@xxxxxxxxxxxxxxx]
> Sent: Monday, April 05, 2004 3:13 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Browser Hijackers
>
> http://www.ISAserver.org
>
> We are getting clobbered with browser hijackers lately. It is really
> out of control. This is of course mainly due to stupid user tricks -
> people going places they no reason being when using a corporate
> computer. But that said, it is what it is.
>
> What security scanner for ISA protects against this type of threat?
> Do the regular ISA AV plugins like GFI, etc. protect against these
> attacks?
>
>
> Thanks in advance.
>
>
> Ray Dzek
> Network Operations Supervisor
> Specialized Bicycle Components
> PH: 408-782-5420
> FX: 408-782-5421
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
amy@xxxxxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
shawn.quillman@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
