I think if the IT admins fired staff for minor things such as bringing files onto their computers, the response would be to bring their own laptops to work and not touch to corporate network except for the minimum possible. Most work would get done on the laptops, the admins would have a very empty LAN to look after.

...and some people wonder how it is that some corporate networks get "hacked" or otherwise compromised which leads to all the identity theft we hear about these days.

I agree with the person above...fire a few of them and set an example.

Surely not, no!

Except for PHBs who manage to fool themselves that their staff love them. Have they any idea how much repressed hatred there is swilling around in the hearts of their employees?

Being careless with IT security is an almost perfect outlet for passive-aggressive feelings that are normally unmentionable in case the corporate thought police notice and write it up in your zapiska.

old news, even here in the military, it is a classic case of "Do as I Say, not as I Do".

Our chief officer here that is in charge with data protection security gives lectures on protection measures every couple of months or so and when the lectures are finished, what do you think he does then ??

When he goes back in the office to his work pc, he takes out from the pocket a *personal* (yep, brought from home) USB stick on which he keeps music and other random junk and plugs it into the OFFICE PC to add more music and other crap on the computer, files that he BRINGS FROM HOME (where he uses a crappy old windows 98se pc that is connected directly to the internet, without ANY FIREWALL).

Meh... i cannot do anything about it, since he is in charge of company policy and i'm only a lowly system admin in his view. :( (and he usually gets me to do all the difficult tasks that he doesn't know how to do, for example editing a BITMAP object that is embedded in a .doc document...)


And when the office PCs get virused they all beg me to help them and clean their computers.

During the last two-three months we had two nasty company-wide infections of W32.SillyFDC and W32.Resik.A that kept popping their heads on all the computers that had autorun enabled, via autorun.inf on USB sticks. (not many had it enabled, but at least 3 or 4 per department did).

I tracked them down to some *personal* sticks that were brought in from outside, but the problem is that i can't keep updating the damn antiviruses daily as the computers are classified, standalone and not allowed to be connected to any network. This opens up the door for a whole load of PEBKACs. (and disabling the usb ports is NOT an option.)

I still haven't found any reliable software for USB device media access control.
All that i saw so far rely on remote control via a network, using a central authorization server. I haven't found yet one that uses digital signature files for USB media and that can operate independently of any network connection.


Oh...and this is in a country member of the European Union... bah.

Fire a few of them for it and I bet others will suddenly care about the IT security policy...

The real problem is that in most cases, the IT white collar worker is more experienced than the IT help desk employee. So basically they don't have a chance at understanding how we use OpenSSH and similar technologies to do basically whatever we want on any network, not just the one at work.

is how management loves feel special and will want you to make it as easy for them to do their jobs..forgetting about all that inconvenient security.