The IT department at work has decided to block all webmail beginning August 18th. This is a big problem for me, because I'm a contractor and don't really use the work email. It's a pain, and I can't get to it from home without jumping through hoops. My actual work email is my Gmail account.
So this is going to cause me a ton of problems. And for what?
I did a little Googling for the security risks associated with webmail.
“Any pop-up ad that appears in a webmail message could potentially contain a virus when it opens,” she said. “An attachment that comes in from a webmail message could possibly bypass all the safeguards all the way to the user’s computer.” In addition, just opening a Web browser window to these commercial webmail sites can leave a computer open to outside attack. (Source)
This is a bit of a strawman argument. First, you can get popups or viruses or whatever from all sorts of sites. It's not restricted to webmail. But if you use good, up-to-date software, this shouldn't be an issue. There are some really good free, open-source tools to protect your computer. If your users are getting viruses and hacked computers, it's not the fault of Gmail or Hotmail. It's your users, and it's the tools you've chosen to give them.
I'm an . . . advocate of the "block access" point of view. Personal webmail, if accessible, provides another vector for your data to fly out of the window but one that you have poor control over and little ability to monitor and audit. Neither can you comply with data storage and archiving regulations if the service is being used to legitimately send and receive business data to and from external addresses. (Source)
Archiving is a legitimate concern, although I can't imagine why the author thinks it's not possible to comply with regulations: there is nothing stopping you from hooking up your webmail account to Outlook or Thunderbird and downloading it all. Then you can archive to your heart's content. Actually, I think Yahoo and Hotmail make you pay for POP3 access, but that's because they hate their customers.
If anything, what’s [sic] it’s partly demonstrating is the problems in the usability associated with security products. By making them too cumbersome, it’s natural for people to seek routes around them — making the security procedures a risk in their own way. (Source)
This I totally agree with. I use a ton of Google's web tools for legitimate work purposes because they are easy and useful. If you block them, I'm going to try to get around the blocks, like the way you can use https instead of http to get around some filters that block Gmail. But I more or less know what I'm doing. I've heard of some ridiculously unsafe hacks to get around work-imposed security. Some of the workarounds are much more dangerous than the thing being blocked.
But you know what's more dangerous to security than all of this put together? Stupid people. And, to a perhaps greater extent, smart but ignorant people. People who think they know better, but don't, are a huge source of problems. Much better to know you're incompetent and stop trying.
I remain entirely unconvinced that this will do any good. You can't possibly block all possible routes for sensitive information to leak out of the office. By blocking webmail, you're taking away one of the most convenient methods, but what you may end up doing is driving the leaks to more and better hidden channels. Maybe now one person is going to start Twittering all day, while another is going to use some other service. The information can still get out.
And what about someone who goes to do a little online banking and accidentally hits a phishing site that steals their banking info and deposits a virus on their computer, giving a hacker total control of their PC? Are you going to ban bank sites, too?
Why not just ban everything? Chain employees to the desk in rooms with white walls and no windows. Give them three breaks a day where they can use the bathroom and buy lunch from the company (Wouldn't want them sharing company secrets at the local deli, would we?). Maybe we should just stop sharing secrets with employees altogether. Just keep it all with the executives, who can lock themselves in ivory towers, making angels in piles of FOUO and COMPANY PROPRIETARY documents.
Maybe we shouldn't even do any work. The dangers of compromised secrets are too great. We should all go back to a hunter-gatherer economy, where there were no documents in need of protection from the horrors of webmail. Better for the environment, too, as a majority of Americans would die of starvation within the year. Or we could save time and trouble by committing mass suicide in orderly rows. That would teach Google to make a great webmail service with an intuitive, helpful interface. Stupid jerks.
Time to get an iPhone. Then you can check your mail whenever you want. No need for that stinking webmail.
God I hope they don't do this where I work. I would be in the same situation as you!
I'm hoping we can convince work that they need to pay for Blackberries, which I can also use as a modem when I'm working. I'm not really a big fan of Apple.
I am an IT Security Professional and I hate to break it to you, but the reasons provided are more than adequate for any company or agency to block webmail (and most importantly, you are on their network and if they choose to let you visit the internet while at your desk it is entirely their prerogative). Yeah, it sucks... but you are there on their dime and they can choose to limit what you do (or bring, how about some businesses who ban phones with cameras on their premises).
Sure, they have a right to block whatever they want on their network. The issue here, though, is that it's in their best interests to actually protect the network and users' PCs rather than making it harder for me to do my job with arbitrary internet filtering.
They did this at the agency I am contracted at about 2 years ago... but while the webmail is blocked from your workstation, you are redirected to a remote computer so you can actually check it, if you try Gmail or Yahoo Mail in your browser.
But actually it is a great reason to get a BlackBerry.
My non-profit employee blocks webmail, blogs and lots of other stuff.
However, let's keep this little workaround a secret 'kay?
"like the way you can use https instead of http to get around some filters that block Gmail"
Shh...
They're already learning. Our IT department currently blocks GTalk but not Gmail. Up until last week, you could get to GTalk over https, but then they cut it off there, too.
If you depend on the https workaround, know that your days are numbered.
Three letters...ssh
Look into it.
My main concern with that is that I no longer have plausible deniability.
Yeah they have the right to do whatever they want while we're on their network but I think that if you block it the only thing you're really doing is stopping the dumb employees.
Maybe that's enough since those are probably the most at-risk employees but I think it just angers the smart ones even more and makes them want to quit your stupid job.
And by the way, the IT support staff are the worst abusers of company security that I know of. It's their little chance to be above the law...
Treasury employee?
Contractor.
sir i want to know how we can get out from the blocked site .. i want to open my gmail from my office P/C and IT hacker... i want to open my GMAIL a/c in my office p/c kindly provide me some links ..so that i can open my a/c
The best thing to do is to convince your IT department that the gains in productivity from access to web tools like Gmail outweigh the security risks, which are likely overblown anyway.
If that doesn't work, there probably isn't any way to get around the block that won't get you fired if they catch you.
How come, every user thinks they are the "google" expert when looking up information. Companies are required to do what is in their best interest. Sometimes this is not what employees want, but what is best for the company. By blocking access to standard public email systems, they are forcing you to use their provided system for all work related (sitting at work and supposed to be working, so that means using their email system should be fine). They can now track usage, violations, storage, so forth.
From what you posted in the beginning, they provided you a solution. You don't like it because you're a typical user, meaning you prefer easy instead of required. They make it hard at home because they are just trying to protect themselves. While there is no sure fire way to block everything (if they did, you may actually work 8 hours during that day), however, in the eyes of the law and regulations, they have to show that due diligence was performed trying to protect themselves.
The beauty is, instead of being a bitchy user because you can't get on your gmail, use the system they have. After a while, it won't be so bad because you will be used to using it. Instead of whining about how they do this and that, embrace that your company is taking steps they feel they need to for ensuring their security and standing with legal and regulatory factors so that you can keep a job.
Grow up, if you don't like the culture, then you should start training users and then take full financial and personal responsibility for each one that you train on how to be a "click responsibly" user. Then you can carry the issues of any possible legal or govt requirements on your back.
Users try to bypass systems with, https, ssh, ssl, proxies, proxies at home, so forth. We know about them as well, and we take each one as we need to and secure them to the best of the abilities.
So finally, if you don't like the systems you use, quit, otherwise grow up and take responsibility seriously. You are not the only employee. So until all users follow the rules, the company will do what it has to.
A lovely rant on a year-old post. I will print this and frame it on my wall.
Obviously you still check the status a year later :) Anyway... I wonder if you're going to respond to this post... two years later.
I check all my comments and respond to most.