Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive


[Discuss] selecting a subnet

Jerry Feldman wrote:
> The reason I suggested password is that it just restricts the ad hoc
> user from using the network. This is a short-term requirement for the
> OP. And, assuming the WAN port of the router is plugged into the
> corporate network. This way the nonroutable addresses will not be
> exposed. However, I have seen (and done) routers connected to corporate
> networks as switches with the wifi turned on.

> In any case, agreeing with Derek that what the OP is doing is not a good
> thing, but in this specific case, you are not going to expose those
> addresses to the corporate network, but you are allowing them onto the
> corporate network rather than an isolated guest network, which is a bad
> thing. While the non-routable addresses are not exposed, anyone on that
> subnet can go through the firewall. They can get at the company intranet
> as well as the Internet.

I'm not writing clearly, for which I apologize. The point I'm trying
to make is that users will *DEMAND* connectivity whenever *they* feel
they need it. It is not productive to say "Call IT", or "The rulebook
says ...", because users are unable to gauge security risks, unwilling to
admit that their actions may have negative consequences, and
unforgiving when told "No".

I've been there. We've *all* been there. In a nutshell, the problem is
that evolution has not prepared human beings to appreciate long-term
costs in the face of short-term pleasure - that's why cigarettes are
still sold - and too many managers feel that technically adept
subordinates are talking gobbledygook just to feel important and that
the solution to every IT problem is to threaten to kick us in the butt
in order to make the magic bits flow.

At the heart of most security concerns is the simple truth that those
in charge often choose not to concern themselves with "maybe" warnings
about "potential" risks in the face of "I want ..." demands from
{anyone but us}. I feel this is a shortcoming of American management
in general, and I have never discovered a polite or effective way to
say "You're being foolish - please don't do that".





Bill Horne
William Warren Consulting

BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.
