Incredibly ineffective security

I’m often amazed at the lengths that companies will go to in order to ‘secure’ their networks and computer systems from tampering. I’m also amazed at how prevalent security holes are in their systems on a regular basis.

I do a fair amount of traveling throughout the Northeast doing security consulting for Fortune 1000 companies. Of the dozen or so clients I’ve had this past year, I can think of only three who even let me plug my laptop into their networks at all. The rest made me use a guest Wifi network.

Today, I’m writing this post from the lounge of a local Honda dealer and using their guest Wifi network. And you know what? My own website is blocked by a program they have running called ‘Websense’. Apparently my blog falls under the category of ‘Games’. Talk about ridiculous.

I decided to do a little investigative work. Although my web browser is blocked from getting to, I can ping the IP address, which shows that only web based GET or POST requests are probably being filtered. I can also tunnel into my office VPN, thereby rerouting my traffic, bypassing Websense and doing anything I want anyway. Way to go Websense!

I’m sure that Websense has its uses. The fact is that the reason they probably have it implemented is because they don’t want their employees inadvertently downloading content that is inappropriate for the workplace. One of my previous employers used web based filtering software as well. There were a pair of developers in my group who used to prank each other quite often. One evening, one programmer broke into the other programmers’ computer and set her desktop background image as porn. Very funny, but also a very good way to find yourself in the middle of a lawsuit based on sexual harassment.

I understand that I have not done anything to bypass the filtering that would be considered particularly difficult, but the fact that the Websense filtering was so easy to circumvent illustrates one very important point that I harp on to all of my clients. If there’s a talented malevolent hacker bent on breaking into your network, there’s absolutely nothing you can do to stop them short of unplugging your computers. It’s just not possible.

Any network of sufficient size and complexity can eventually be broken, either by physical, social, of electronic methods.

Leave a Reply