Re: Looking for Netflow analysis package
On May 17, 2013 1:54 PM, "John Starta" <john@starta.org> wrote:
On May 17, 2013, at 8:24 AM, Valdis.Kletnieks@vt.edu wrote:
On Thu, 16 May 2013 15:16:22 -0700, "Scott Weeks" said:
He DOES NOT need a 260 word signature (see below!) to make sure he does not get UCE from posting to NANOG.
Actually, I think Thomas Cannon was making the opposite point - that if he's going to spam us all with a 260 word disclaimer, it could have been expanded to 263 words and add 'No cold calls'. Or just have that and lose the other 260 words that make absolutely no sense on a NANOG posting.
Do you believe that Brent wrote the disclaimer attached to his message? Despite y/our opinions of such disclaimers, legal counsel in some companies still mandate their automatic attachment on all outbound messages. The only means of avoiding them is to subscribe to mailing lists from a personal e-mail account. Unfortunately these companies usually also have policies prohibiting your accessing personal e-mail accounts from company owned resources which can minimize the usefulness of some lists. In other words, just because we might work for "enlightened" companies doesn't mean all our colleagues can or do.
------ philfagan@gmail.com wrote: ------------ From: Phil Fagan <philfagan@gmail.com> Well put. ---------------------------------------- One, you're both missing the point. Do you think a sales droid that'll scrape a technical mailing list like NANOG for cold calls will respect whatever crap is put into a .sig? Don't answer. It's rhetorical... Two, "Unfortunately these companies usually also have policies prohibiting your accessing personal e-mail accounts from company owned resources". So don't. Set up an SSH tunnel over port 80 to your home server and access your non-paragraph-sized-signature email account from home. There's a million ways to do things and still follow corporate rules... scot
On 5/17/13, Scott Weeks <surfer@mauigateway.com> wrote:
owned resources". So don't. Set up an SSH tunnel over port 80 to your home server and access your non-paragraph-sized-signature email account from home. There's a million ways to do things and still follow corporate rules...
The disclaimer requirements seem dumb, but not entirely unreasonable -- we should just tolerate them. As for spam... no good there. I would caution against taking the advise of setting up a SSH tunnel to "follow corporate rules". In some cases, that might be subverting the intended affects of corporate rules. The outgoing SSH session (or any encrypted session or tunnel) to an unapproved non-company resource could still be a policy violation in some organizations; where they don't already have a firewall that identifies SSH protocol traffic regardless of TCP port, it is essentially firewall circumvention. The same goes for other encrypted or obscured remote access protocols such as VPNs, IP traffic tunnels, VNC over port 80. The defeat of e-mail/other network activity usage monitoring, may impact archiving of mail or compliance with banking, (or other) regulations. Since the SSH session is encrypted, the company's super-expensive Data Leak Protection software suite may be unable to analyze the outgoing traffic flow over the network. It _might_ be a harmless SSH session to post to a mailing list; OR it might instead be a covert channel for exfiltrating corporate data. The channel is encrypted... how can you prove the difference? How can the organization prove that its employees aren't siphoning customer data out of the database, to satisfy compliance with privacy laws? In orgs with different priorities, or that haven't addressed certain risks, it might be OK. But there will be organizations where it definitely is not OK, so we should just tolerate the spurious disclaimers.
scot -- -JH
participants (2)
-
Jimmy Hess
-
Scott Weeks