Re: [squid-users] 2.5

From: hanasaki <hanasaki@dont-contact.us>
Date: Fri, 15 Mar 2002 09:00:33 -0600

Sounds like:
        - A policy w/o teeth?
        - Poor implementation of a good policy?
        - Absence of professionalism?
That is a cultural problem. The perception that "NT-passwords will not
be shared that easily" is is absurd. Your rational has merit but it
uses an assumption and cultural coercion to address a symptom, not the
problem.

Bet you could find a clever way to catch those that are using one ID on
an NT station and another to browse the web - in real-time. Correlate
IP address / MAC addresses with the logins.

Put teath into the policy, if then don't already exist. Then let
everyone know what the ramifications are for not following the policy
(set expectations). Fire a few people if you have to? Compromising
corporate security "isn't taken seriously" at your company?

Boosten, Peter wrote:
> # -----Original Message-----
> # From: Marc Elsen [mailto:marc.elsen@imec.be]
> # Sent: Friday, 15 March 2002 11:00
> # To: Boosten, Peter
> # Cc: Squid-Users (E-mail)
> # Subject: Re: [squid-users] 2.5
> #
> # > Does anyone know when 2.5 will become STABLE?
> # >
> # Guess you should be on the developers list for this one...
> #
>
> Hehehe, just for this question? Maybe on of you nonlurkers/lurkers know the
> answer: I don't have anything useful to say on the developerslist.
>
> Oke, then a real question:
>
> Right now we have 18000+ users, of which 6000+ are allowed to browse the
> internet. They have to authenticate via ncsa. The problem is, that some of
> them share their account with other (non-authorized) users, and the problem
> is growing. We have a security-policy for this kind of behaviour, but no-one
> doesn't seem to care. The managingboard wants those users to authenticate
> with their NT-account, because NT-passwords will not be shared that easily
> (users could access other users personal email for instance).
>
> NTMS-authentication is out of the question, as it will allow the
> password/useraccount to go unencrypted over the network.
> NTLM is an option, but only in 2.5.
>
> Are there other options?
>
> Peter
>
> Disclaimer
> 1. This e-mail is for the intended recipient only. If you have received it
> by mistake please let us know by reply and then delete it from your system;
> access, disclosure, copying, distribution or reliance on any of it by anyone
> else is prohibited.
>
> 2. If you as intended recipient have received this e-mail incorrectly,
> please notify the sender (via e-mail) immediately. This e-mail is
> confidential and may be legally privileged. DSM does not guarantee that the
> information sent and/or received by or with this e-mail is correct and does
> not accept any liability for damages related thereto.
>

-- 
=================================================================
= hanasaki@hanaden.com                                          =
=     Spam : Unhealthy and High in Sodium and Cholesterol       =
=================================================================
Received on Fri Mar 15 2002 - 08:00:51 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:06:56 MST