From: "Ted Mittelstaedt"
To: "Andrew C. Hornback", "Anthony Atkielski", "FreeBSD Questions"
Subject: RE: Lockdown of FreeBSD machine directly on Net
Date: Thu, 8 Nov 2001 23:13:37 -0800

>-----Original Message-----
>From: owner-freebsd-questions@FreeBSD.ORG
>[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Andrew C.
>Hornback
>Sent: Thursday, November 08, 2001 8:51 AM
>To: Anthony Atkielski; FreeBSD Questions
>Subject: RE: Lockdown of FreeBSD machine directly on Net
>
>
>> -----Original Message-----
>> From: Anthony Atkielski [mailto:anthony@atkielski.com]
>> Sent: Thursday, November 08, 2001 3:20 AM
>> To: Andrew C. Hornback; FreeBSD Questions
>> Subject: Re: Lockdown of FreeBSD machine directly on Net
>>
>> > Most organizations require something like that in
>> > writing, or at least as part of a face to face
>> > conversation.  That negates this loophole.
>>
>> I've never encountered an organization that has a policy like that, but my
>> personal policy is along those lines.  If any manager wants me to compromise
>> system security, he needs to put it in writing.  This not only protects the
>> organization from hanky-panky, but it protects me and the organization from
>> lawsuits (albeit not prosecution, in most cases).
>
>	Having held such positions as Senior System Administrator, Director of
>Server and Network Operations and (hands on) Chief Operating Officer of an
>ISP... I'm very surprised that you've never encountered this.
>
>	Such a policy is standard operating procedure for me, period, no matter
>where I am employed.

Same here.  However it's not usually done in physical writing.  I _am_ COO
of an ISP and _everything_ that is done in the systems by myself or the
sysadmin touches the e-mail system in some manner.  Either the request comes
via e-mail to the support list from a customer, or if it comes via phone a
note is sent to the support list, or via ad hoc from one of the techs it is
written up in the mail system.  In fact one of the daily tasks I do is decide
what requests to permanently archive.

It's not necessary to formalize things to the extent you're referring to, a
simple 3 sentence e-mail that establishes who made the request and if the
request is completed is enough.  This establishes in the archive time and date
and tracking.  And that doesn't even cover the tracking done on the billing
system which has its own tracking system.

I have had a lot of experience running IT and there is absolutely no way to
even start getting a handle on the department if this isn't done.  If you
don't take the time to track things you spend time running from firedrill to
firedrill and you cannot even begin to explain to the CEO or president why so
much of the company IT time is burned up on bullshit requests.

I've lost track of the number of times at previous companies I've worked at
that some puffed-up department head has steamed into my office ready to nail
my ass to the wall because some system they depend on got cocked-up, only to
have me show them an e-mail audit trail which points the blame for the problem
right back to some cockamamie thing that they or one of their underlings had
my department do.

I'll readily admit that there's plenty of products (Notes comes to mind) that
are out there to do what I do with my e-mail system, but none are as fast to
enter data to.  E-mail is also something everyone, internal and external
employees, vendors and customers read, and I've CC'd more CYA e-mails to
troublemakers than I can remember.

Ted Mittelstaedt
tedm@toybox.placo.com
Author of: The FreeBSD Corporate Networker's Guide
Book website: http://www.freebsd-corp-net-guide.com