The IT department at work has decided to block all webmail beginning August 18th. This is a big problem for me, because I'm a contractor and don't really use the work email. It's a pain, and I can't get to it from home without jumping through hoops. My actual work email is my Gmail account.
So this is going to cause me a ton of problems. And for what?
I did a little Googling for the security risks associated with webmail.
“Any pop-up ad that appears in a webmail message could potentially contain a virus when it opens," she said. "An attachment that comes in from a webmail message could possibly bypass all the safeguards all the way to the user’s computer.” In addition, just opening a Web browser window to these commercial webmail sites can leave a computer open to outside attack. (Source)
This is a bit of a strawman argument. First, you can get popups or viruses or whatever from all sorts of sites. It's not restricted to webmail. But if you use good, up-to-date software, this shouldn't be an issue. There are some really good free, open-source tools to protect your computer. If your users are getting viruses and hacked computers, it's not the fault of Gmail or Hotmail. It's your users, and it's the tools you've chosen to give them.
I'm an . . . advocate of the "block access" point of view. Personal webmail, if accessible, provides another vector for your data to fly out of the window but one that you have poor control over and little ability to monitor and audit. Neither can you comply with data storage and archiving regulations if the service is being used to legitimately send and receive business data to and from external addresses. (Source)
Archiving is a legitimate concern. Although I can't imagine why the author thinks it's not possible to comply with regulations - there is nothing stopping you from hooking up your webmail account to Outlook or Thunderbird and downloading it all. Then you can archive to your heart's content. Actually, I think Yahoo and Hotmail make you pay for POP3 access, but that's because they hate their customers.
If anything, what’s [sic] it’s partly demonstrating is the problems in the usability associated with security products. By making them too cumbersome, it’s natural for people to seek routes around them — making the security procedures a risk in their own way. (Source)
This I totally agree with. I use a ton of Google's web tools for legitimate work purposes because they are easy and useful. If you block them, I'm going to try to get around the blocks, like the way you can use https instead of http to get around some filters that block Gmail. But I more or less know what I'm doing. I've heard of some ridiculous unsafe hacks to get around work-imposed security. Some of the workarounds are much more dangerous than the thing being blocked.
But you know what's more dangerous to security than all of this put together? Stupid people. And, to a perhaps greater extent, smart but ignorant people. People who think they know better, but don't, are a huge source of problems. Much better to know you're incompetent and stop trying.
I remain entirely unconvinced that this will do any good. You can't possibly block all possible routes for sensitive information to leak out of the office. By blocking webmail, you're taking away one of the most convenient methods, but what you may end up doing is driving the leaks to more and better hidden channels. Maybe now one person is going to start Twittering all day, while another is going to use some other service. The information can still get out.
And what about someone who goes to do a little online banking and accidentally hits a phishing site that steals their banking info and deposits a virus on their computer, giving a hacker total control of their PC? Are you going to ban bank sites, too?
Why not just ban everything? Chain employees to the desk in rooms with white walls and no windows. Give them three breaks a day where they can use the bathroom and buy lunch from the company (Wouldn't want them sharing company secrets at the local deli, would we?). Maybe we should just stop sharing secrets with employees altogether. Just keep it all with the executives, who can lock themselves in ivory towers, making angels in piles of FOUO and COMPANY PROPRIETARY documents.
Maybe we shouldn't even do any work. The dangers of compromised secrets are too great. We should all go back to a hunter-gatherer economy, where there were no documents in need of protection from the horrors of webmail. Better for the environment, too, as a majority of Americans would die of starvation within the year. Or we could save time and trouble by committing mass suicide in orderly rows. That would teach Google to make a great webmail service with an intuitive, helpful interface. Stupid jerks.


Time to get an iPhone. Then you can check your mail whenever you want. No need for that stinking webmail.
God I hope they don't do this where I work. I would be in the same situation as you!
I'm hoping we can convince work that they need to pay for Blackberries, which I can also use as a modem when I'm working. I'm not really a big fan of Apple.
I am an IT Security Professional and I hate to break it to you, but the reasons provided are more than adequate for any company or agency to block webmail (and most importantly, you are on their network and if they choose to let you visit the internet while at your desk it is entirely their prerogative). Yeah, it sucks... but you are there on their dime and they can choose to limit what you do (or bring, how about some businesses who ban phones with cameras on their premises).
Sure, they have a right to block whatever they want on their network. The issue here, though, is that it's in their best interests to actually protect the network and users' PCs rather than making it harder for me to do my job with arbitrary internet filtering.
They did this at the agency I am contracted at about 2 years ago... but while the webmail is blocked from your workstation, you are redirected to a remote computer so you can actually check it, if you try Gmail or Yahoo Mail in your browser.
But actually it is a great reason to get a BlackBerry.
My non-profit employee blocks webmail, blogs and lots of other stuff.
However, let's keep this little workaround a secret, 'kay?
"like the way you can use https instead of http to get around some filters that block Gmail"
Shh...
They're already learning. Our IT department currently blocks GTalk but not Gmail. Up until last week, you could get to GTalk over https, but then they cut it off there, too.
If you depend on the https workaround, know that your days are numbered.
Three letters...ssh
Look into it.
My main concern with that is that I no longer have plausible deniability.
Yeah they have the right to do whatever they want while we're on their network but I think that if you block it the only thing you're really doing is stopping the dumb employees.
Maybe that's enough since those are probably the most at-risk employees but I think it just angers the smart ones even more and makes them want to quit your stupid job.
And by the way, the IT support staff are the worst abusers of company security that I know of. It's their little chance to be above the law...
Treasury employee?
Contractor.