Here’s an observation from my recent experience: users who are subjected to the authority of computer security schemes will relish the opportunity to defeat and/or work around those security schemes in equal proportion to how capricious those security schemes appear to them.
In my current situation, I am faced with the need to access a particular server that is behind a firewall, controlled by others. After several attempts to address the proper authorities in the proper manner — i.e. “doing the right thing” — and having been exposed to their seemingly arbitrary authoritarian methods, I’ve simply decided to give up, and use a technical fallback that allows me to achieve the same ends without their say-so.
I’m not suggesting that all authority is capricious, nor recommending trickery as a universal response. However it would do all computer security authority figures well to consider how their schemes appear to those that are subjected to them, for that, at least in part, will determine how effective they are.
About This Blog
I am Peter Rukavina and this is my blog. I am a writer, letterpress printer, and a curious person.
To learn more about me, read my /now, look at my bio, listen to audio I’ve posted, read presentations and speeches I’ve written, or get in touch (peter@rukavina.net is the quickest way).
You can subscribe to an RSS feed of posts, an RSS feed of comments, or a podcast RSS feed that just contains audio posts. You can also receive a daily digests of posts by email.
Comments
Devil’s Advocacy…Consider
Devil’s Advocacy…
Consider this analogy: the firewall is a locked door and the server is a retail store (with toys for Oliver!) and it is after hours. Do you, a trained locksmith, crack the lock, enter the store, take the toy (even if you plan on leaving your cash behind to pay for it) even though the owner / security authority hasn’t the forethought to be open 24 hours a day?
I’ll grant you: a locksmith might enjoy the challenge of cracking a really cool lock…
My analogy:The firewall is a
My analogy:
The firewall is a locked door, and the server is a retail store (with toys for Oliver!). To be able to enter the store, I must apply to the owner. The owner only takes requests every seven days, and then must meet with his employees to decide if I will be allowed to shop or not.
Rather than jumping through these hoops, I simply enter the store through the mall entrance instead.
It’s no secret that analogies
It’s no secret that analogies are a terrible way to argue.
It’s like, trying to convince a locked door to open itself. It’s going to stay locked. ;-)
I often run into these issues
I often run into these issues at work because we have clusters of servers in different locations and 3 offices of people trying to access them. The security that is in place is there for a reason, as long as the person trying to connect isn’t trying to do something malicous or doing something that is a security risk I don’t mind helping them. It often gives me the chance to maybe change the way they had planned to do something, making it more secure.
Any network admin should be willing to help as long as you’re open about what you are trying to do, it’s their job. Unless you’re dealing with a large company or the Government that have very beaurocratic policies about security you should be fine.
Well said, Cody.
Well said, Cody.
A finer take on the given
A finer take on the given point:
I’m lately working for a conservative organization that insists even consultants show up every day as though they were employees. Only certain applications may be used, and there’s a fussy ‘net proxy server.
They’re paying me for hard creative work that critically affects the enterprise. Short dealines are everywhere. I can get almost anything done with the tools I know and own, but they’re not approved. I can use Hotmail, but my own webmail is blocked by their proxy. There are ten electronic ways to leave the building with proprietary data (excluding paper [Hi] and my own head).
So I defeat their restrictions and defy their policies when necessary. The results-end of the business doesn’t care but the systems-end is logging everything. Hopefully they’ll know that what happens behind my own occasional proxies cannot supercede our interpersonal trust, which in fact is all we ever had.
What’s funny is how some outfits shun anyone who knows the (usually) simple workarounds.
LQ
Add new comment