The NZ Linux Resource

[AuckLUG] Funky ways of getting where you want with SSH

Mark Foster blakjak at blakjak.net
Mon Jul 10 20:51:56 NZST 2006



On Mon, 10 Jul 2006, Peter Harrison wrote:

> Liz Quilty wrote:
>> Surely if work has blocked it then you shouldn't be using it.
>
> In an ideal world companies would have efficient firewall processes which 
> would quickly evaluate a request to modify a firewall rule, and to quickly 
> implement a change.
>
> Most companies however either have nobody responsible for the firewall - it 
> is simply an appliance, often one that is in the ADSL router itself, or in 
> larger organisations it is controlled by an administrator whose sole purpose 
> in life is "ensuring security"; thus any change to the most limited 
> configuration is a security threat.
>
> The consequence is that the average developer hasn't a hope in hell of 
> changing an organisation's firewall rules, while needing vital resources 
> outside the organisation to complete a project.
>
> Being right about a company's poor resourcing in the security/firewall area 
> is cold comfort when you are living on the street after being kicked out of 
> the flat when you were fired for not completing that project on time.
>
> Okay, perhaps I'm exaggerating a little, but the point is that often 
> developers do what's needed to get the job done, and most of the time there is 
> no question about the means. However, once or twice in the States employees 
> have been taken to task about "evading company security measures". Hard 
> places and rocks come to mind....

Speaking from experience in this very environment, there's often more to 
it.

SSH can be used to tunnel - potentially in _either_ direction.

Beyond that, unless it is required for work-related purposes it simply 
doesn't feature on the company radar, very likely. You're there for a 
purpose.

I used to fight tooth-and-nail to retain shell access at work - fought to 
justify it, to keep it, etc etc.  The difference is that over the last few 
years work has gotten to the point where even if I had shell access, I'd 
be rarely using it. I'm busy enough now that if I get to check my mail via 
webmail twice a day I'm doing well.

Thus, if you were really busy at work, you wouldn't be worried about it. 
;-)

If on the other hand you could justify SSH outbound from the office, then 
they'd be able to provide an 'approved' means to do so.  One company I 
used to work for used to provide a single dedicated system that was 
permitted through the firewall, and everyone with a need to administer 
systems on the network had to work via that box.  It was closely monitored 
and audited.

So at the risk of jumping on the bandwagon, if it's blocked, the best thing 
to do is justify the need to go-around-the-block to those with the power 
to engineer you a solution, not a 'hack'.

Mark.

(Who despite spending the first 5 years of his employed life on live, 
internet-connected networks, now spends 99% of his time on networks which 
don't even have access to the web.  You do get used to it... eventually.)


