You have decided to surprise your wife by purchasing sexy lingerie from your favorite site. The problem is that you are at work and your Nazi IT department has blocked your favorite site.
The recipe (Defending yourself against Nazi IT departments)
Install BarracudaDrive on your home computer.
Make BarracudaDrive visible on the Internet by following the installation tutorial.
Enable the tunnel server for your user ID.
Go to work.
Surf to your home computer using your default work browser.
Navigate to the BarracudaDrive "settings page" and login.
Start the HTTPS tunnel client by clicking the tunnel button on the "settings page".
Start our preconfigured proxy version of the Firefox portable browser (*).
Yeah, they're nazis because they're implementing policies to make you actually work instead of having personal fun...
5a. The proxy will log this step.
7a. Certificate mismatch. Once you accept, the proxy will log this step.
9a. URL or website hits keyword filter, access denied and attempt logged.
Real 10: Get a complaint from your IT department, on repeat you'll get expelled from the IT. If your jobs depends on it, you'll get fired.
Yes that will work and not one of your IT Nazi's will be any the wiser. Idiot.
What's that saying I've been saying lately? Oh that's right ... "you don't know what you don't know, and what you think you know (maybe) just ain't so"
The precondition you imposed is that you are *already* at work. If you are *already* at work in a place with a "Nazi IT department", then you are not going to be able to install remotely onto your computer at home (at least not without it being detected).
You recipe only works if you preplan your surfing escapade, in which case you might as well just order from home.
Not sure I understand your problem. It works for me.
I have worked as a consultant for many years and I always had problems reading my own emails from behind large company?s firewalls. This solves the problem, though it requires that Java is installed on the computer I am using. I know others have experimented with putting Java on a USB-stick, but this has so far not been necessary for me.
Interesting. Do the companies you contract to not ask you to adhere to any security operating procedures? If not, more fool them, please name them so that I may approach them as they are in dire need of some good security consultancy. If they do, why do you think it is acceptable to breech them? It's not a dig as such, I'm interested in attitudes that breech computer security. I know it happens, I often understand why. In this case, you feel the resources offered by your client are insufficient and the procedures for obtaining exceptions are inefficient I guess.
Why don't you just admit that the lingerie is for yourself? Go to work in your favorite skirt and heels. Maybe they'll feel sorry for you and allow you to surf the Frederick's of Hollywood site on your lunch hour.
That is a possible solution, but why the heck should I do that when this solution is so much cheaper.
Regarding the responses to my post I realize that there are a number of Nazi IT specialists on this group. I guess certain type of people have a strong urge to control other people. I have to say I feel liberated now when you no longer can control me :-)
Your recipe only works if you have *already* installed something on your home machine, but the whole premise of your posting was that you are starting from work -before- you've installed anything on your home machine.
It is as if you had written,
"You are at work, and you want to use a hammer -now- (immediately, before going home), but your workplace Health and Safety Committee won't authorize recreational use of a hammer. Here's what you do: you go home and you tie a long long fishing line to your hammer at home, and then you go to work and you reel in the line at work until your hammer reaches you."
Well, duh, if you need to use that hammer *now*, then you can't go home and prepare the fishing line and go back to work. If you -did- have time to go home, then you could just use the hammer at home and you wouldn't need to go through the rigamorole. So your solution doesn't solve the situation that it claimed to solve: that you have no hammer and made no advance preparations and you need the hammer -now-.
The recipe you posted is a recipe for *premediated* violation of policies, not the claimed recipe for relief of acute and unexpected need to violate policies.
I would suggest that you consider getting yourself a Palm Trio and use that to surf the net wirelessly. You can get wireless telnet programs with terminal emulators if you need to be able to access your machines at home. Or since it's supposely your wife's favorite lingerie site, prepare yourself by taking down their phone number, and then calling in your order.
At my workplace, if you deliberately violated our IT policies, your company would be told that you were no longer welcome on our premises, and your company would be reminded that we hired the company rather than the person, so your company would be responsible for providing an acceptable replacement worker. If you happen to be the only employee of your company, tough luck: you'd still be responsible for meeting the contract goals even if you have to take a loss to do so by hiring someone else to do the work. Oh, and non-completion of a contract nets a non-compliance note in the unified purchasing system of our very large organization...
I understand the importance of firewalls, but they are being misused by many Nazi IT departments. I simply decided to circumvent this limitation and it works. The same concept probably works for millions of other users that do not tolerate Nazi IT departments. Why should I suffer and pay extra for expensive equipment, which I do not really need.
Get back to us after your own company has had a visit from one of the TLA's, informing you that one of your ex-employees was a spy who stole your technology for the benefit of a country with a history of violence, repression, and war upon other countries.
And no, I am not speaking hypothetically. There have been enough attempts at the organization I work for that the security teams receive specific training about dealing with detected spying.
Your posting IP address is in the USA, but it sounds to me as if you are not overly familiar with the terms of the US Computer Fraud and Abuse Act (1986). That's US Criminal Code Title 18, section
1030 and thereabouts.
One might as well ask why you should have to suffer and pay extra for an expensive car, when you have a method of hot-wiring other people's cars to "borrow" them when they aren't using them.
The fact that you work on contracts for companies suggests to me that you are probably not entirely familiar with the laws and regulations that their IT departments must operate under. Are you, for example, familiar with what is required for Sarbanes-Oxley compliance? Were you aware that the legislative branch of the country I live in gave a government department the authority to make IT regulations, and that government department thence adopted as regulations certain clauses that were strongly recommended by the national domestic security agency, with the effect of those regulations being that in organizations subject to the regulations, it is -required- (if they have a firewall at all) to block outgoing accesses except to locations the organizations can prove are necessary for their operations? Are you aware that for certain private information that we deal with, that the
-minimum- fine upon an auditing agency detecting a *potential* for a leak, is $25000 per day?
So are we operating a "Nazi IT department" and restricting access just because we get off on controlling people -- or are we just doing the best we can to comply with multiple jurisdictions' laws and regulations?
OK, no need to get personal. You have no reason to call me a moron, nor to assume I am a moron.
All I can say is thank Christ you're a yank and very unlikely to work in my environment. If you were to, and try that crap on any of my networks, you would be sacked, sued and prosecuted. And you WOULD be detected.
I never suggested you did any harm - at least not as far as you are concerned. Unfortunately, you are subverting the organisations security, especially if you are installing Java when there is no business requirement to do so.
As a contractor, you are paid to do a job of work, not to buy knickers for your partner hence the harm is obvious.
As an aside, wasn't your original post just a thinly disguised piece of spam? I refer to the line "8. Start our preconfigured proxy version of the Firefox portable browser (*)."
Bottom line: You ARE doing harm. You are breeching your employers security and by installing unauthorised software you are reducing the overall security of your employers systems.
BUT, it would appear that you are SO arrogant that you will not accept this and in your world, you are completely justified.
However, you have, in a round about sort of way, answered my question. Why do you think it is acceptable to breech your employers security policy? Because you are arrogant and you do not understand the security requirements of your employer. I just hope you are not contracted for security work.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.