
Re: Just how the heck do you answer this???



Bob DeBolt wrote:
> 
> Greets from Calgary
> 
> Any ideas on how to respond to an attitude of "zero regard for
> security" from an administrator. This company had been seriously hacked
> before I installed OBSD a year ago. hmmmmmm
> 
> >Sorry to miss you!  I had an appointment with a customer and had to
> >leave before you got there.  Anyway, I was going to ask you how to set
> >up an obscure port to be forwarded.  I'd like to set up an obscure port
> >to forward to a machine on the network using a different port.  I'd like
> >to open up a single Windows XP machine for Remote Desktop Connection,
> >but I want to obscure it on the firewall by using a port number like
> >62176 or something like that.
> 
> >If you could tell me which files to edit, that would be great.  Thanks!
> 
> Bob

Step 1: make a good faith effort to explain why this is a bad idea. 
Remember: The person who requested this isn't trying to make your life
miserable.  And while they may be ignorant of the issues, they may not
be stupid, and may be quite teachable.

Remember, you once might have thought such things... 8-)


Step 2: Demonstrate an alternative.  AuthPF would address this nicely
-- they log into the firewall, they now have access to that port from
their current location, but no one else does.


Step 3: If the first two fail, present them with a piece of paper
which says something like:
   "I want you to open up port xxxxx to be redirected to IP
xx.xx.xx.xx.  I request this in spite of Bob DeBolt's warnings that
this is a bad idea, in spite of having been told why this is a bad
idea, and in spite of being provided with reasonable alternatives.  I
accept all responsibility for the results of this action, including
financial and disciplinary, and possibly legal."

Have 'em sign several copies.  If the "financial, disciplinary and
possibly legal" doesn't get their attention, not much will.

This is assuming it is your supervisor requesting this be done for
your own company...  If it is a client requesting this, drop 'em (yes, I
do this.  A bad client is worse than a non-client.  Funny thing, once
you tell a client "If you do this kind of thing, I'd rather not have
your business", they almost always listen).  If your boss is
requesting this for a client, have the boss sign three copies, and
take two with you...and lose the third copy someplace creative.  After
being fired, take a job with the client. 8-)

Nick.
-- 
http://www.holland-consulting.net
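
The AuthPF alternative from Step 2, next to the rule that was asked for, as
an added example that is not part of Nick's message. It assumes current
OpenBSD pf syntax; the "egress" interface group, the 192.0.2.10 address and
the default-block policy are assumptions made for illustration.

```conf
# --- /etc/pf.conf (main ruleset) ---
# What was requested: an obscure port redirected to RDP. It stays reachable
# by anyone who finds it with a port scan.
#   pass in on egress inet proto tcp from any to (egress) port 62176
#       rdr-to 192.0.2.10 port 3389
#
# AuthPF instead: no standing RDP rule. authpf loads per-user rules
# under this anchor while that user's SSH session is open.
block in on egress
pass in on egress inet proto tcp to (egress) port 22   # SSH login to the firewall
anchor "authpf/*"

# --- /etc/authpf/authpf.rules (loaded when a user logs in over SSH) ---
# authpf defines $user_ip (address the SSH session came from) and $user_id.
# 192.0.2.10 is a constructed placeholder for the Windows XP machine.
rdp_host = "192.0.2.10"
pass in quick on egress inet proto tcp from $user_ip to (egress) port 3389 \
    rdr-to $rdp_host
# Only needed if the main ruleset also blocks outbound traffic:
pass out quick inet proto tcp from $user_ip to $rdp_host port 3389

# Setup notes:
#  - /etc/authpf/authpf.conf must exist (it may be empty) or authpf will not run
#  - the remote user's login shell is set to /usr/sbin/authpf
#  - the rules above are removed when the SSH session ends
```

With this in place RDP is only reachable from the address of an
authenticated SSH session, which is the "no one else does" property
described in Step 2.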