[SOLVED] Re: How to use ethernet for private lan and 3g for external network at the same time?
Jordon Bedwell
jordon at envygeeks.com
Fri Aug 6 10:21:54 UTC 2010
On 8/6/2010 4:56 AM, Colin Law wrote:
> On 6 August 2010 09:33, Jordon Bedwell <jordon at envygeeks.com> wrote:
>> On 8/6/2010 2:59 AM, Colin Law wrote:
>>> On 6 August 2010 02:11, archayl <archayl at gmail.com> wrote:
>>>
>>> If I were you I would get permission to do this from your manager in
>>> order to cover yourself. Otherwise imagine the disciplinary hearing
>>> if someone manages to hack in to the company system through your
>>> connection. Even better point out to your manager that you need
>>> access to the internet to to do your job properly and so should have
>>> access through the proxy. If he/she decides that you cannot have it,
>>> and are therefore less productive at your job then it is his/her fault
>>> not yours.
>>
>> It surprises me they don't offer VPN and NAT for external communications
>> *unless he truly is not productive with internet* and that they did not
>> lock down his ability to do such things. If I were the network
>> administrator and system administrator and I made such a critical
>> mistake in network and system design, I wouldn't hold him responsible.
>> Not to say I wouldn't fire him, but I certainly wouldn't blame him for
>> doing something I clearly left open for him to do. Actually, it also
>> surprises me more that they don't already know he's doing this,
>> apparently people don't monitor logs and manager don't pay attention.
>> Sounds like some people (not him) need to be fired too.
>
> How would they know that he is accessing the internet via 3G other
> than by looking at his PC? It would not appear on any logs other than
> there I think. Or are you saying that his PC should be locked down?
>
> Colin
I'm saying that system administrators *should* pass the logs to a syslog
server so that they can keep an eye on people who like to try and bypass
the weak lockdowns they do have (if any ~ since it seems apparent this
is the case they don't) and then filter down and create triggers. It
just expands on why we have syslog servers in this environment anyways
(to monitor for system problems or backcheck on reported system
problems). It becomes much easier if they're administrators are caching
on and catching up and moving to virtualization to not only cut costs
but make enforcement much easier.
I'm not saying he's in the wrong for doing what he's doing, and never
will say he's right or wrong, because that's between him and his company
more specifically between him and his administrators who will ultimately
be the win/lose machine. I'm just wondering how these guys get paid a
lot of money to let this kind of stuff slip by, yeah, we all miss stuff,
but this is a pretty big thing to miss if it can *potentially* open up a
backdoor.
More information about the ubuntu-users
mailing list