[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: MAC address in pf.conf
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: MAC address in pf.conf
- From: Mike Shaw <mshaw_(_at_)_wwisp_(_dot_)_com>
- Date: Tue, 10 Sep 2002 15:21:20 -0500
One thing that's being missed here is policy. If you don't have a usage
agreement in place, then it's really just open season on whatever controls
you try to have in place. If users understand that changing the IP address
of their local machine is against policy, or (even better) that
"circumventing access controls in an unauthorized manner", or that
"accessing the internet without prior approval" is 'bad' and will result in
discipline, then you have some preventative teeth behind your controls.
Through this type of agreement alone, I was able to reduce file sharing
activity by 100% at a company I was working with. If people are willing to
subvert organizational policy, then they are ethically challenged and don't
belong in the organization.
Of course, this is assuming you're in an environment where you can
implement policy--such as a corporation or other at-will organization.