Wall Street Journal – How To Get Around Security Controls

On July 30 the Wall Street Journal published an article entitled “Ten Things Your IT Department Won’t Tell You”. There was a lot of angst among security bloggers. Anton Chuvakin chimed in with a post that included:

Users do this and are NOT caught since they manage to bypass the deployed security controls. Ah, this is a fun one; that is what makes security a “calling, not just a job” for so many. Go back and deploy, tune, log (yes, logging all such activities is important, especially when HR wakes up and swings the ax…) and have fun. 0days and mafia hackers might be more challenging to fight, but users are surely more numerous 🙂

There were a few excellent posts: one by Beau Woods, one by IT Compliance and another by Loner Vamp. I think Mike Rothman got it right:

But I want to make sure we don’t miss the point, which is the continued need to educate our users as to why these defenses are important and what we are protecting them from. The reason people will try to go around our defenses is because they don’t understand the importance of adhering to the rules. Sure the WSJ was borderline irresponsible in publishing this, but it’s not like a quick search wouldn’t yield roughly the same information. If you do a crappy job of selling the reasons why the policies need to be followed, then you shouldn’t be surprised that users go around you. Remember that it’s easy to be Dr. No. It’s much harder, but ultimately more important to be Mr. (or Ms.) Yes, But.


Steve Mullen has been involved in information technology for over 35 years. He is also actively involved in the music program (voice and English hand bells) and Vestry of St. Anne’s Episcopal Church in Damascus, MD.

Posted in Information Security, IT Management, IT Security, Security, Security Awareness
