Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Security 2.0 - Internet Security | DShield SANS ISC InfoSec Forums


Security 2.0

Been thinking lately about some of the restrictive policies that corporations, .mil, .gov, and some others have when it comes to security.

Does it work?

Where are we at?  

Are all the extremely restrictive policies in your corporate work environment working?  

What can be relaxed?  Why?

 

Example:  I recently ran across an example where iTunes was not allowed on the network because it was considered P2P.  Is iTunes P2P?  Of course not, but here is an example of where reeducation for the "experts" and the loss of "policy for policy's sake" may be helpful.

 

We'd like to hear your feedback.  What does Security 2.0 mean to you?  We all have our own opinions, we'd like to hear yours!

 

Joel Esler

http://handlers.sans.org/jesler

Joel

454 Posts
ISC Handler
While I'll admit, iTunes is not P2P, we are blocking access to it to reduce the amount of bandwidth used for non-business applications. For this same reason, we have blocked access to most sites hosting any sort of streaming media.
Dan

9 Posts
Okay, I can see that. We had another user write in to tell us that they didn't allow iTunes because it would cause a lot of issues with having to back up several gigs of music files, per person.
Joel

454 Posts
ISC Handler
iTunes can quickly cross the line to a P2P "like" app. All it takes is for some users to hit edit --> preferences --> sharing, and there you go: 2 check boxes, "Look for shared libraries" and "Share my library". If a user doesn't password their library, anyone on the network can now listen and download songs from each other... pretty close to P2P in my book.
Anonymous
But it's not P2P. Just because you can listen to someone else's music does not mean you can GET someone else's music. You are not trading the file, it is no different from streaming radio.
Joel

454 Posts
ISC Handler
