CLEANACCESS Archives

November 2005

CLEANACCESS@LISTSERV.MIAMIOH.EDU

Subject:
From: "Hall, Rand" <[log in to unmask]>
Reply To: Perfigo SecureSmart and CleanMachines Discussion List <[log in to unmask]>
Date: Wed, 16 Nov 2005 10:31:17 -0500
Where to start?!?! :-)

Cisco's sales force needs to emphasize that successful sites have a
person that has the authority to say, "Because I said so." and have it
mean something to everyone at the site. ;-)

Phrases like "protest too much" and "when he leaves our houses let us
count our spoons" come to mind.

It's tough to know which (or both) of these situations exist:

1) The person is ignorant (not a bad word, look it up ;-) and needs
education and needs to be willing to be educated.

2) The person is doing something they shouldn't be doing--and thinks you
don't already know (See #1 :-).


You won't get anywhere trying to reason with the person/people who
wrote the stuff below. There are always a few
obstructionist/contrarian/cantankerous/<more big words here> faculty for
whom arguing stuff like this is simply sport. To test this theory ask
the four following questions:



Problems with Additional "Background" Applications
--------------------------------------------------
"How about a 3-for-1 trade? If I can show you 3 processes you can do
without on your PC would you install the CCA Agent?"


Privacy Concerns
----------------
"If I can show you that I can monitor your activity with OR without the
CCA Agent would you install it?"


Security Trade-Offs
-------------------
"If I can show you how to configure your firewall to allow just the
traffic that the CCA Agent needs to function would you install it?"


Forcing Incompatible Updates
----------------------------
"If I can show you empirical proof that your research is more likely to
be compromised without the CCA Agent's protection than with it would you
install it?"



If you got anything but four "Yes" answers you know the game is on! (If
you are empowered or independently wealthy try turning this person's
jack off and asking the questions again ;-)

Cheers,
Rand

Please STARTsafe and RUNsafe  -- www.merrimack.edu/runsafe
--
Rand P. Hall * Director, Network Services / Merrimack College * SunGard
* Collegis
315 Turnpike Street, North Andover MA 01845 * Tel 978-837-5000 * Fax
978-837-5434
[log in to unmask] * www.sungardcollegis.com


-----Original Message-----
From: Perfigo SecureSmart and CleanMachines Discussion List
[mailto:[log in to unmask]] On Behalf Of Eric Weakland
Sent: Tuesday, November 15, 2005 5:06 PM
To: [log in to unmask]
Subject: Another quick Poll - TIA

Thanks to everyone who participates in this list.  It is an invaluable
resource.

I'm trying to reason with some of our constituents about the potential
benefits of enforcing some minimum requirements with CCA.  Of course
they don't think it should apply to them. I would appreciate some of
your input on these topics that they have posed to me.  I have my own
responses, but am keen to hear if any of you have dealt with the same
questions and how you responded - citations of sources greatly valued.
Feel free to email me directly and/or post to the list. I would suggest
the list because I think we have all had to deal with users who say
"sure, but I don't need that - I'm a POWER user!"  Cisco folks please
feel free to point me to relevant documents on Cisco's website - I've
been looking there and have found some documents, but not much.


Many thanks,

Eric Weakland, CISSP
Director, Network Security
Office of Information Technology 
American University
[log in to unmask]
202.885.2241



Problems with Additional "Background" Applications
--------------------------------------------------

Applications that run in background can interfere with other user
applications in many ways.  We mention only a few possibilities:
siphoning off system resources, generating conflicts with other
applications, or simply by containing bugs that cause system problems.
We recognize that the computing office will make decisions to minimize
such impacts, but we remain concerned.


Privacy Concerns
----------------

A software client that validates network access raises serious privacy
concerns, since it necessarily records users' IP addresses and makes
possible a trace of their network activity. We understand that the
computing office has no intention of enabling such functionality.
Nevertheless, such a trace could be performed without much difficulty.
We therefore wish to learn what procedures will be implemented to
prevent any such abuses.


Security Trade-Offs
-------------------

The proposed client software is supposed to ensure that required
security practices are implemented.  Even if the security requirements
are appropriately selected, it appears that the client software itself
may pose a small security risk to the user's machine.  Users would be
required to permit a certain amount of network traffic to pass across
whatever security firewalls and protections they had installed on
their own machines, which appears to weaken such security regimes.


Forcing Incompatible Updates
----------------------------

We move finally to our greatest concern: forced updates. We are
naturally sympathetic to the idea that almost all users should have
installed antivirus software and have updated to current virus
definitions.  However, system updates and patches raise the possibility
of serious incompatibilities.  Updates, service packs, and patches
sometimes produce incompatibilities that programmers need time to
resolve.  For example, each of the Windows XP service packs was
incompatible with some applications.  Requiring a system update in
order to be validated for network access raises the possibility that a
user may have to go for a time without access to a vital software
application on their machine. Such problems could lead to a slowdown
in vital research practices.
