Working Around The Man: Responses to Computer Security

Peter Rukavina

Here’s an observation from my recent experience: users who are subjected to the authority of computer security schemes will relish the opportunity to defeat and/or work around those security schemes in equal proportion to how capricious those security schemes appear to them.

In my current situation, I am faced with the need to access a particular server that is behind a firewall, controlled by others. After several attempts to address the proper authorities in the proper manner — i.e. “doing the right thing” — and having been exposed to their seemingly arbitrary authoritarian methods, I’ve simply decided to give up, and use a technical fallback that allows me to achieve the same ends without their say-so.

I’m not suggesting that all authority is capricious, nor recommending trickery as a universal response. However, it would do all computer security authority figures well to consider how their schemes appear to those who are subjected to them, for that, at least in part, will determine how effective they are.

Comments

Submitted by Davey on

Devil’s Advocacy…

Consider this analogy: the firewall is a locked door and the server is a retail store (with toys for Oliver!) and it is after hours. Do you, a trained locksmith, crack the lock, enter the store, take the toy (even if you plan on leaving your cash behind to pay for it) even though the owner / security authority hasn’t the forethought to be open 24 hours a day?

I’ll grant you: a locksmith might enjoy the challenge of cracking a really cool lock…

Submitted by Peter Rukavina on

My analogy:

The firewall is a locked door, and the server is a retail store (with toys for Oliver!). To be able to enter the store, I must apply to the owner. The owner only takes requests every seven days, and then must meet with his employees to decide if I will be allowed to shop or not.

Rather than jumping through these hoops, I simply enter the store through the mall entrance instead.

Submitted by Jevon on

It’s no secret that analogies are a terrible way to argue.

It’s like, trying to convince a locked door to open itself. It’s going to stay locked. ;-)

Submitted by Cody Swanson on

I often run into these issues at work because we have clusters of servers in different locations and 3 offices of people trying to access them. The security that is in place is there for a reason; as long as the person trying to connect isn’t trying to do something malicious or doing something that is a security risk, I don’t mind helping them. It often gives me the chance to maybe change the way they had planned to do something, making it more secure.

Any network admin should be willing to help as long as you’re open about what you are trying to do; it’s their job. Unless you’re dealing with a large company or the Government that have very bureaucratic policies about security, you should be fine.

Submitted by Lou Quillio on

A finer take on the given point:

I’m lately working for a conservative organization that insists even consultants show up every day as though they were employees. Only certain applications may be used, and there’s a fussy ‘net proxy server.

They’re paying me for hard creative work that critically affects the enterprise. Short deadlines are everywhere. I can get almost anything done with the tools I know and own, but they’re not approved. I can use Hotmail, but my own webmail is blocked by their proxy. There are ten electronic ways to leave the building with proprietary data (excluding paper [Hi] and my own head).

So I defeat their restrictions and defy their policies when necessary. The results-end of the business doesn’t care but the systems-end is logging everything. Hopefully they’ll know that what happens behind my own occasional proxies cannot supersede our interpersonal trust, which in fact is all we ever had.

What’s funny is how some outfits shun anyone who knows the (usually) simple workarounds.

LQ
