“The IT guy tells me that it’s necessary to “lock down” the network. He doesn’t want anyone using unauthorized services running on high ports.
Of course, anyone can tell you that it’s trivial to circumvent this obstacle by tunneling to the unauthorized service over unblocked port 80 via a friendly server running somewhere outside their network (in someone’s basement, for example). Anyone can also tell you that it’s easier to hide access to an unauthorized service when it’s talking over port 80—it’s lost in the mix, isn’t it.”
Which is basically what happens at $BIG_COMPANY because they have stupid people running their networks. How frustrating is it that you can’t check personal email due to ‘security’? How frustrating is it that you can’t look at a link like http://www.apple.com/itunes for some reason (presumably the people who make the firewall rules are all Zune users) though you can look at pretty much every other part of apple.com?
How come these idiots get control of networks and firewalls?
Well, it’s because $BIG_COMPANY likes MCSE-types. Anyone who manages to get one has a leg in the door at a big corporation and it doesn’t matter if the individual is particularly slack jawed or has other odious habits (like a full beard).
It annoys me because, a hundred years ago in the nineties, I used to work in networks and multiple times we were browbeaten into making stupid changes due to Corporate Stupidity. If you’re not running AV protection on your servers then changing the network parameters will not help you. You need to fire the dickheads who are not managing the AV servers correctly.
NotAnMBA continues:
- Employers distrust their employees.
- Employers fear their employees.
- Executives have no appreciation for the capabilities of the technologies they surround themselves with and run their businesses with.
I, of course, have the dual joys of witnessing network stupidity from day to day as well as having a new MicroManager to report to. Honestly, neither of us have anything better to do than to have daily meetings where he doles out little tasks for me. Nothing that couldn’t be handled with a decent networked task manager (except we don’t have access to one) or even say, a fucking email.
I don’t care much about the stupid firewall rules because I have an iPhone but the stupid management really gives me some pause. Unless Apple manages to produce some iPhone software which turns bad managers into something I don’t despise.
Maybe Apple can come out with the iManager.
I try to encourage iTunes, because after a bit of time with a flow capture tool, it’s pretty easy to see how to block iTunes, although it happens a few layers up from port blocking idiocy.
You just block all outgoing http connections with a user-agent containing “itunes”.
Much nicer than trying to deal with the others.
No iTunes. No QT. So Safari. FFox requires permission.
It’s Microsoftville.
Hm. Is it really wise to slag off your manager online? Admittedly from the evidence so far presented it’s unlikely he will read it himself, but word is bound to filter back eventually…
Depends, Andrew. If it’s the only job you have and you need it, then probably not.
This working at $BIG_COMPANY is really destroying your soul, isn’t it?
Is it worth the $BIG_BUCKS?
– pj
It’s not really worth the $BIG_BUCKS, no. Just a means to an end.
But had a nice talk to someone over the weekend. So see where that goes.