Tilted Forum Project Discussion Community - View Single Post

Pragma · 07-26-2007, 04:10 PM

Here's my thoughts (seeing as how I run network security at my workplace):

* If it's my hardware, I own it - no matter what. SSL, encryption software, whatever - doesn't matter. If I want to monitor your activities on it, I will find a way.
* If it's on my network, I own it - no matter what. Man-in-the-middle to break SSL sites, regular packet captures to watch for suspicious activity, thorough logging of our web proxy, etc.

If there's anything that you don't want your workplace to see, don't do it on their hardware and don't do it on their network. That's my view of the situation - compromising on that at all and you're (worst case) giving them all of your information.

(Yes, I realize this sounds very harsh and authoritative, but as Scott McNealy said so well "You have no privacy anyway. Get over it."

07-26-2007, 04:10 PM	#9 (permalink)
Pragma I am Winter Born Location: Alexandria, VA	Here's my thoughts (seeing as how I run network security at my workplace): * If it's my hardware, I own it - no matter what. SSL, encryption software, whatever - doesn't matter. If I want to monitor your activities on it, I will find a way. * If it's on my network, I own it - no matter what. Man-in-the-middle to break SSL sites, regular packet captures to watch for suspicious activity, thorough logging of our web proxy, etc. If there's anything that you don't want your workplace to see, don't do it on their hardware and don't do it on their network. That's my view of the situation - compromising on that at all and you're (worst case) giving them all of your information. (Yes, I realize this sounds very harsh and authoritative, but as Scott McNealy said so well "You have no privacy anyway. Get over it." __________________ Eat antimatter, Posleen-boy!