On Friday 14 October 2011 16:28:17 Ed Greshko wrote: > All I know is this.... If I were Marko's employer and I read his views > on circumventing or flouting the rules of a company I'd start to worry. Oh, I understand you completely! :-) The opinion that I have comes from the experience of being on both sides of the "fence" --- at times, I was the client needing some access, and other times I was the admin being asked to provide such sort of things. The point is that when someone asks me to change firewall rules to allow him some type of access, I take it very seriously into consideration. If there are no security threats, I would typically grant access. If there are security issues, I would invest some effort into helping the client to achieve his goal in a different manner, and/or help him understand why his wish is a Bad Idea from a security standpoint, and I would not stop until I was sure he understood. If I don't do that, I run the risk that he is going to provide himself access behind my back, and that would be even worse. OTOH, whenever I was in a position of a client asking for something, I expected nothing less from my admin. If I ask for, say, a firewall rule to grant me some access to something, admin's reply "it's against the rules" is not enough. I go on to ask which rule, why, how, for what purpose, etc., and if the admin has good answers, I get persuaded to give up on my request for access. But quite often, the admin doesn't have a valid response to "which rules", "why are those rules in place" and "what could happen if someone disobeys that rule". If I am not persuaded that the rule actually makes sense, I go on to challenge it in one way or another. Quite often I found out that such rules are a consequence of someone's incompetence or a relict from the past, and that they are completely useless and artificial (a typical case is when the company burocracy doesn't keep up with technological development). In such cases, as well as when the admin insults my intelligence with an answer of type "it's too complicated for you to understand why...", I come to the conclusion that the rule can be ignored. Once I even got caught ignoring one of the rules, and when audited by my boss, I presented arguments for my defense that eventually led to removing the offending rule from the "terms of service" and company policy (it was about allowing access for p2p communication, torrent in particular). I wasn't even punished in any way. The rule was just plain stupid and unnecessary. The point is that I am not some hippie, ignorant of security or other policies that are enforced on the users, I just don't want to blindly "uphold the rules" without any sanity. :-) Best, :-) Marko P.S. <quote>Rules are made to be broken...</quote> ;-) -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
