|
I can't think of any potential benefit for internet access to these sort of work stations, and I can think of all kinds of downside intrusion and data compromise risks as described above.
|
Originally Posted by sbm12
(Post 11196795)
And there is no way that a trojan could use port 80, right? It isn't like AOL wrote thte AIM application to do exactly that 5+ years ago when it started getting blocked by firewalls. :rolleyes:
Sorry, but even putting a proxy server in place doesn't really protect the systems. Either they are isolated or they are not. That's really the only way computer security works. Nothing is 100% ever, but there are ways to pretty safely protect a client system that is exposed to the internet... AIM is the biggest trojan of them all, and legal at that! LOL :) |
Originally Posted by speedster1978
(Post 11196487)
Considering that more then likely their internet surfing goes through a proxy... which means they don't have DIRECT internet access... I don't see the issue in this at all...
Their proxy system would have to be compromised, for people to gain internal access to the company... just throwing a trojan or worm on any good secured system won't do much... Systems with ALL internet headed traffic being sent through a proxy, won't allow a trojan/worm to send things back home... only certain ports are allowed open... |
Originally Posted by Mabuk dan gila
(Post 11189946)
Any internet connected computer is potentially at risk of the user doing something stupid that will compromise it's security. I am sure there is good security in place but the only absolute security against internet based threats is not being connected to the internet. Connecting a secure network to an insecure network invites shenanigans and is a security risk to the secure network.
|
Originally Posted by Italy98
(Post 11199581)
Many companies have security features in place that would allow you to go to "I need flowers for mom's birthday.com" while blocking "who is the hottest pole dancer.com", along with not being able to install unauthorized software. Plus we don't know if this specific computer was connected to a secure network or a separate computer setup for use during time off or slow periods.
Yes, it is entirely possible that they have implemented some security measures to help protect those systems. I'm sure that there is a firewall of some sort involved and also probably also some local client security solution in place. That still doesn't mean that allowing access is a secure action. Consider a similar situation. Boeing is claiming that they can have the same wiring in the 787 carry both flight control data and IFE communication. Even with "security" solutions in play no one in their right mind would agree that it is a secure implementation. The real question is whether those computers are or should be considered secure. Considering the access that I assume they have to the passport data, I would hope that they are secure. If they are, they should be isolated. |
Originally Posted by sbm12
(Post 11199943)
No filtering solution is 100%. And the computer in question was inside one of the booths where the agents sit to actually clear folks.
Yes, it is entirely possible that they have implemented some security measures to help protect those systems. I'm sure that there is a firewall of some sort involved and also probably also some local client security solution in place. That still doesn't mean that allowing access is a secure action. Consider a similar situation. Boeing is claiming that they can have the same wiring in the 787 carry both flight control data and IFE communication. Even with "security" solutions in play no one in their right mind would agree that it is a secure implementation. The real question is whether those computers are or should be considered secure. Considering the access that I assume they have to the passport data, I would hope that they are secure. If they are, they should be isolated. |
I have no idea about the technical ramifications, but a few years ago, I was flying in to BOS to give a talk. I was using my British passport under vWP.
At initial screening, the CBP officer said that I had "visited the US too often" and asked why -- I said that it was mostly because I was an academic, but also have friends/family here. Anyway, I was asked to go for more detailed screening... Some long wait later, I go up to be interviewed, the guy asks me why I'm here, I say I'm giving a talk at a university. He asks what my field is, I reply, then he starts quoting one of my academic papers at me! I was in total shock, thinking the CIA or whatever had a file on me. After a brief pause, I asked him how he found that out. One word response: "google".;) To be honest, if I was a determined threat, I would have prepared a thorough back story anyway, including google-accessible data, but to the casual liar/ illegal, it may be of some limited value. tb |
Hey do any of you realize just how much sensitive data is collect on foreign guest??? Now this stuff is obviously wide open to be skimmed. Now some of YOU wonder why I am worried?
|
Two thoughts come to mind.............
(A) Garbage in = garbage out (B) The more hay in the haypile = the more difficult to find the needle MisterNice |
How many of the people complaining here are the same ones that complain when their employers limit their access to the internet?
I work for the government and the computers are locked down so tight that it becomes impossible to work efficiently (i.e. thumb drives, preventing us from getting on required govt web sites, etc...). I especially liked when they blocked the website to complete the mandatory computer security training. Any time you use an ATM that info is going over the internet. Every Company you do business with likely puts your information on a server. It is encrypted as I am sure that CBP info is to their servers. Yes, there is risk at plugging any computer into the internet. We either must accept that risk as a part of doing business today, or the internet becomes a vast repository of pirated music and porn and we go back to paper records for everything. |
What if the user's internet sessions is being run in a Citrix window... which is easily setup and run. No direct internet access to the machine at that point...
|
Originally Posted by speedster1978
(Post 11206719)
What if the user's internet sessions is being run in a Citrix window... which is easily setup and run. No direct internet access to the machine at that point...
|
Originally Posted by crwilsn
(Post 11206653)
I work for the government and the computers are locked down so tight that it becomes impossible to work efficiently (i.e. thumb drives, preventing us from getting on required govt web sites, etc...). I especially liked when they blocked the website to complete the mandatory computer security training.
Any time you use an ATM that info is going over the internet. Every Company you do business with likely puts your information on a server. It is encrypted as I am sure that CBP info is to their servers. |
Originally Posted by sbm12
(Post 11206742)
If it was, it was a darn good seamless window session. I do not think that was the case.
On a lot of the secured machines, we have applications running off Citrix, no local apps installed, works great, especially as the end user can't mess with things, and can only use the application. |
Originally Posted by speedster1978
(Post 11209250)
You couldn't tell with our Citrix apps if it was running local or from Citrix... no frame around the app, and the window can be maximized just like it was a regular app.
On a lot of the secured machines, we have applications running off Citrix, no local apps installed, works great, especially as the end user can't mess with things, and can only use the application. |
| All times are GMT -6. The time now is 3:34 am. |
This site is owned, operated, and maintained by MH Sub I, LLC dba Internet Brands. Copyright © 2026 MH Sub I, LLC dba Internet Brands. All rights reserved. Designated trademarks are the property of their respective owners.