You know, there are just some things that can’t be done. Imagine if
someone came to you and said, “Ok, you can build a boat out of
wood, but you can’t use nails, glue, straps, sealant, rudders or sails.
Go to it.” You’re just gonna build a sinking ship.
I find when such arbitrary restrictions are being made on a technology
solution it’s usually because of politics, fighting, and other
aspects of organizational culture typical of places that put more
emphasis on being right and less on evidence and cooperation. This
is especially true in government where you’re told you can’t use a
technology because it’s “not secure”, but then everyone uses telnet to
get to personnel data on the VAX.
Additionally, if these restrictions are placed by some psuedo-security
expert sysadmin type then I’m betting it’s a unilateral
decision by this one person to protect his little kingdom, and not based
on any set policy from management. If you were interested
in getting this resolved you should consider having your management
create an official security policy that outlines this very
restriction, get them to sign off on it, and then begin to enforce it on
all systems and personnel. You’ll very quickly find that the
same sysadmin who made these decisions is in direct
violation of this policy.
If this is a policy set by management, then an correctly written policy
should include provisions for an exceptional case policy so
that new technologies can be used and the organization doesn’t stagnate.
The need to adapt to changing technology is crucial,
especially when it’s possible that previously restricted technologies
could improve systems management and security.
Otherwise, you’re totally screwed.
Zed A. Shaw
On Fri, Dec 16, 2005 at 08:47:14PM +0000, lester bangs wrote:
John S. <john.smith@…> writes: