[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: MAC address in pf.conf



One thing that's being missed here is policy. If you don't have a usage agreement in place, then it's really just open season on whatever controls you try to have in place. If users understand that changing the IP address of their local machine is against policy, or (even better) that "circumventing access controls in an unauthorized manner", or that "accessing the internet without prior approval" is 'bad' and will result in discipline, then you have some preventative teeth behind your controls.

Through this type of agreement alone, I was able to reduce file sharing activity by 100% at a company I was working with. If people are willing to subvert organizational policy, then they are ethically challenged and don't belong in the organization.

Of course, this is assuming you're in an environment where you can implement policy--such as a corporation or other at-will organization.

-Mike



Visit your host, monkey.org