Networking

Poll: Would you trust your users in a hostile network environment?

If your end users were required to work in hostile network environment, would you trust their ability to recognize the situation and take appropriate precautions? Are your organization's standard security measures for traveling users strong enough to withstand sustained, sophisticated attacks? Answer the following polls and let us know.

All networks have security risks, but just like physical neighborhoods, some networks are safer than others. For example, consultants using a client company's private network likely face less risk than the salesperson using the local coffee house's unsecured Wi-Fi connection. If you need a more specific example, just consider the Black Hat USA 2008 security conference.

Three French reporters were expelled from the conference for allegedly sniffing the network passwords from other journalists. According to an article on TG Daily, the three individuals used the Cain and Able security tool to sniff network traffic within the Black Hat 2008 media room. While Black Hat attendees are warned that the conference's Wi-Fi network is open to constant sniffing, the press room is traditionally off limits.

If your end users were required to work in hostile network environment, would you trust their ability to recognize the situation and take appropriate precautions? Are your organization's standard security measures for traveling users strong enough to withstand sustained, sophisticated attacks? Answer the following polls and let us know.

About

Bill Detwiler is Managing Editor of TechRepublic and Tech Pro Research and the host of Cracking Open, CNET and TechRepublic's popular online show. Prior to joining TechRepublic in 2000, Bill was an IT manager, database administrator, and desktop supp...

7 comments
Neon Samurai
Neon Samurai

Nope, I wouldn't trust the user in a hostile network; I'd trust my config of the user's machine though. 'Sorry, your machine will not be using any plain-text protocols while you are on this assignment, this tech "jimmy" will be making some adjustments before you leave today.' Or I'd wrap that whole machine's network feed in a tunnel back to our trusted servers before plaintext goes anywhere. The second question; maybe. All mobile users connect too the office through a VPN; nothing strange, most places do this now. It would be a "Yes" except that I haven't hammerd on a live VPN tunnel to personally trust the specific encryption and authentication combination.

Jeff7181
Jeff7181

Absolutely not. A perfect example: A remote user yesterday has had their corporate issued laptop for a week before they were calling the help desk about malware. Basically they had something that claimed to be "Vista Anti-Virus" and it said it detected a virus and prevented the user from opening any applications until they went to this website and paid $200 to "clean" the supposed virus off the computer.

CharlieSpencer
CharlieSpencer

"Would you trust your users in a hostile network environment?" I don't trust them on wire here in the building!

TechinMN
TechinMN

On the second question, there should be a fourth option: 'No, but it would be if management would let us implement what we know needs to be.' I'm willing to bet you'd see a different distribution of answers.

pgit
pgit

I was going to suggest another 4th option, now a 5th: Yes, but it'll work only if the users follow policy. In other words, if they did what they were supposed to they'd be fine. Here's where the "human engineering" enters and policy falls down. Fortunately I don't deal with an awful lot of mobile users, and those I do support are on average smarter than the average bear.

Bill Detwiler
Bill Detwiler

I considered adding a third "no" option with an "our hands are tied" qualification. I eventually decided those responses could be wrapped up in the existing "no, we don't do anything extra" answer. I could then talk about the various reasons why IT departments don't provide extra security measures for hostile environments in my follow-up article.

Bill Detwiler
Bill Detwiler

If your end users were required to work in hostile network environment, would you trust their ability to recognize the situation and take appropriate precautions? Are your organization?s standard security measures for traveling users strong enough to withstand sustained, sophisticated attacks? Answer the following polls in our IT Dojo blog and let us know how much your trust your end users and your security measures. Original blog post and polls: http://blogs.techrepublic.com.com/itdojo/?p=161

Editor's Picks