Posted on 07/31/2007 7:47:38 AM PDT by redfish53
Ten Things Your IT Department Won't Tell You By VAUHINI VARA July 30, 2007; Page R1
Admit it: For many of us, our work computer is a home away from home.
It seems only fair, since our home computer is typically an office away from the office. So in between typing up reports and poring over spreadsheets, we use our office PCs to keep up with our lives. We do birthday shopping, check out funny clips on YouTube and catch up with friends by email or instant message.
And often it's just easier to accomplish certain tasks using consumer technology than using the sometimes clunky office technology our company gives us -- compare Gmail with a corporate email account.
Security expert Mark Lobel of PricewaterhouseCoopers describes the most common things employees do on the internet to jeopardize company security. There's only one problem with what we're doing: Our employers sometimes don't like it. Partly, they want us to work while we're at work. And partly, they're afraid that what we're doing compromises the company's computer network -- putting the company at risk in a host of ways. So they've asked their information-technology departments to block us from bringing our home to work.
End of story? Not so fast. To find out whether it's possible to get around the IT departments, we asked Web experts for some advice. Specifically, we asked them to find the top 10 secrets our IT departments don't want us to know. How to surf to blocked sites without leaving any traces, for instance, or carry on instant-message chats without having to download software....
(Excerpt) Read more at online.wsj.com ...
Cool. Some new ports and websites for me to block from the end users. Course, us IT guys can go wherever we want.
lol...yeah...don’t get mad with power tho or they will move you to storage B
Yup. I wonder how many people know that their IT department often employs devices that inspect every single incoming and outgoing packet. :)
I can't believe that in this top ten no one mentioned renaming file extensions and compression as ways of getting the files you want in work.......come on, these old tricks still work today!!
None of these work. We can see.
And lots of these (Since they are all backed up by “free web-based services”) will load your machine with spam and spyware. Nothing is free.
And then when you come b!tching to us about it, don’t expect sympathy. We know what behavior garners specific spam.
If you’re shopping for a house, you’ll get lots of mortgage mail. if you’re going to gaming sites, you’ll get lots of pharma / porn spams. You’ll get those pesky little PDF attachment emails from going to more “nefarious sites”.
We know. And it’s not a matter of spying on anyone (Too many people to spy on) it’s a matter of understanding how it all works.
Sometimes we IT managers just make up answers to your questions just to get you to go away. Not all the time, just to people who have it coming to them.
I can say that some, but not all of these will work.
I can also say that, generally, the reason why there are rules for using your PC, is because they're necessary. For instance, if you install non-standard software (that you've been told NOT to do) and it breaks your system, I come fix it when I get around to it.
Most of these "work-arounds" dealt with access to your PC/files remotely. Have fun explaining to your manager how you uploaded your company's financials to StreamLoad (to bypass security so you could work from home) and they were stolen and published on the web. (true story) Or how you visited one of "those" websites at home, your laptop introduced a virus at work, and now no one (all 6000-odd corporate PCs) can access the internet because the virus took down the company proxy server (also a true story).
I'll also let you know that by-and-large...IT depts collect all of the goings-on, on all of the PCs on their network. Generally, though, we don't care. Personally, I don't care if you're checking your Fantasy Football stats at lunch, in fact, I'm likely doing the same. The only time it matters is when your manager comes up to me and says "redfish53 isn't getting their work done...what do his surfing habits look like?". That's when I pay attention. It doesn't happen frequently - the last time was pretty egregious, an employee was surfing sites like "GayMenForSex" at work - but by the time it gets to me, the supervisor's mind is made up and they're looking for excuses.
People forget that their work computers generally DON'T BELONG to THEM....they belong to, and are supported by, the company. So long as the company pays the piper, they get to call the tune.
I’ve got your red stapler. And I don’t eat guacamole.
With apologies in advance to all the IT freepers present, this tread requires that I rerun my favorite Dilbert:
LOL my old boss gave me a red stapler (a Swingline!) for Christmas once.
I just might take my travellers check to a competing resort...
A good IDS(intrusion detection system) can cut down allot of the tricks mentioned, or at least alert the proper IT staff of the rogue activity. A good IT department may also have “sniffers” running on the network. Such activity can also be easily found by a search of the sniffer logs, and such activity can be reported to the proper personnel. Having a firewall(s) that log ALL perimeter activity to a syslog server, where activity can be analyzed can also be used to detect rogue activity. The trick is having an IT department with enough staff to bother with such things, and I bet that’s a small percentage. At most companies, I’d wager that no one looks for such things until after the fact when there has been a problem or security breach.
Personally, I don’t care what our users do on the internet, as long as they aren’t screwing something up. If someone is a repeat offender, they have their access privileges removed.
I applaude my network guys, two cubes down. Every one of their work arounds was blocked, even the google language translation.
I live in a Dilbert world.
Since we are a market-oriented news service and they are extremely paranoid about possible insider trading or just plain spying by the competition, it’s easy enough to understand.
That doesn’t stop people from gossiping or telling jokes on the internal messaging service. I have always figured that if they fired everyone for that, the office would be a mighty lonely place.
I laugh at the IT guys when they start swapping cards out of problem computers and still can’t figure out what the hell is going on, especially when I can walk over to the tower, and inspect the hardware and point out that I don’t even work in their department and I can still save them the trouble with a quick 2 minute inspection...
Hardware also fails... yet everyone still blames software...
Surf from a virtual machine. Or VPN from a virtual machine to the office and surf from the host.
One of our IT Security guys just printed this out, LOL!
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.