[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: MAC address in pf.conf

To: misc_(_at_)_openbsd_(_dot_)_org
Subject: Re: MAC address in pf.conf
From: Mike Shaw <mshaw_(_at_)_wwisp_(_dot_)_com>
Date: Tue, 10 Sep 2002 15:21:20 -0500

One thing that's being missed here is policy. If you don't have a usage agreement in place, then it's really just open season on whatever controls you try to have in place. If users understand that changing the IP address of their local machine is against policy, or (even better) that "circumventing access controls in an unauthorized manner", or that "accessing the internet without prior approval" is 'bad' and will result in discipline, then you have some preventative teeth behind your controls.

Through this type of agreement alone, I was able to reduce file sharing activity by 100% at a company I was working with. If people are willing to subvert organizational policy, then they are ethically challenged and don't belong in the organization.

Of course, this is assuming you're in an environment where you can implement policy--such as a corporation or other at-will organization.

-Mike

References:
- Re: MAC address in pf.conf
  - From: Lars Hansson

Prev by Date: /fxp0: device timout
Next by Date: ISAKMPD errors with aggressive mode and certificates
Previous by thread: Re: MAC address in pf.conf
Next by thread: ipv6 setup question
Index(es):
- Date
- Thread

Visit your host, monkey.org