|
 |
Wednesday, August 07, 2002 |
My favorite thing about Groove: Pure Anarchy but in a healthy way. What is that screeching sound? [link from Jeroen Bekkers Groovie Web log]
I need to block access to Groove completely for our users - we don't want any peer-to-peer software, no mater how supposedly secure, running on our network workstations. Some of our 'brighter' users have downloaded the trial version, and I want to block it completely through the firewall. As Security administrator I am very worried that, when firewall port 2492 is shut down, the software drops to port 80 for all it's communications. Blocking port 80 would, of course, remove the majority of our web access for the rest of our users, so this is not feasible. (I am also very concerned that the users are downloading and installing with impunity, but that is another battlefield not for this forum).
I am surprised that, given Grooves apparent dedication to the security of the files and systems involved, that the Groove software bypasses corporate security rules with impunity, potentially setting the corporation up for compromise through the software they provide. I hope that Grooves legal insurance is up to date 
Any info on how to block this completely (apart from the obvious forcing the users to de-install - which won't stop them reinstalling afterwards) would be gratefully received.
Richard
Reply from the board
This is only a suggestion and not really the answer you seek, but;
Have you tried to establish why your users are downloading Groove? It is not the most advertised peice of code, they must be gaining some benefit from it. If so, does this benefit outway the perceived risk ?
As far as 'Groove software bypasses corporate security rules'. I think not. Its your user community thats doing that, Groove is not aware of your, or anyone elses 'corporate security rules', its just doing what it was designed to do, and very well too.
As to your original post, I know of no way of blocking Groove other than using the Enterprise Management Server, that has been developed for the purpose of providing IT management with the tools to control the Groove user community within a corporate environment.
Richard shoots back
Clive,
I agree that the user community are bypassing the security rules, and as I mentioned in my original post, this is another battlefield not for here. Regarding ascertaining why they are downloading the software, this is something we are looking into currently, but it seems to be a tendency to download trial software before asking the people who should be doing the investigation and analysis (i.e. us, the experts). This is also something that contravenes our policies, and measures are being taken (again not for here).
My major concern with Groove, which prompted my comment about the fact that it bypasses the security policies is the way that, if the individual version is downloaded and installed (see above), and the firewall port 2492 is blocked, Groove AUTOMATICALLY changes the port it uses to port 80, which is obviously open on the majority of firewalls. This then effectively negates the efforts of the security team to stop peer to peer file sharing. The others (Morpheus, Kazaa and the like) are all configurable to use other ports than their standard ones, I realize, but Groove is the only one that has the firewall subversion/evasion built in as an automatic feature.
With regards to the Enterprise version, given that the aim is to block the architecture completely, this isn't really a solution, especially when it comes with a hefty price tag in terms of ancilliary costs as well as the licences.
Thanks for the feedback anyway, it is always good to get other peoples points of view on these subjects
Richard
Oh that screeching sound. That’s the sound of IT putting the breaks on in order to bring progress to a screeching halt.
Poor Richard What is he going to do.
But don't miss Phil's clossing comments I think he sums it up well.
Lastly, due to the ability to treat Groove as a distributed operating platform (with all that security stuff made easy), sophisticated extended-supply chain applications that integrate with various center-based systems (e.g. ERP, AR/AP, MRP, KM) can be accomplished. A few years ago I helped run an "internet pure play" firm that designed and engineered B2B infrastructure and trading exchanges. The cost of procuring (2 years ago) the necessary security and messaging infrastructure was > $2M -- before engineering could commence on building the specific applications that lived within this secure infrastructure and the DMZ hosting centers. Groove isn't a panacea, but using it as part of a hybrid b2b infrastructure would have dramatically cut the startup costs for a particular exchange (in my opinion). This is where I hope the security debate shifts to.
-phil | |
 |
|
2:29:18 PM 
|
|
US citizens can send a message to Congress about the Berman Bill via the Electronic Frontier Foundation. [Scripting News]
Lets get this link to the top of daypop.
1:36:22 PM
|
|
Bob Frankston: The Economist, the Internet, Telecom and the Dow. The July 20th cover story on the Telecom Crash draws no distinction between the business of providing commodity Internet connectivity with the business of providing telecommunications-based services. Of course The Economist is not alone in this fundamental error but "Crash" story is a useful foil for addressing this misunderstanding. [Tomalak's Realm]
Its not the lack of growth of data that causes the problem its the fact that they used inflated dramatically over inflated forcast of the rate of growth of data transport to secure multi billion dollar loans.
3G isn't the first example of very unwise investments. Telecom has been viewed as a very capital intensive business and such large bets have become accepted. As long as telecom was an exclusive club no company seemed to be more foolish than another.
His fundamental point is that the mental model of those running the game in the telecom industry is inaccurate. They make decessions based on their mental model such as loaning billons of dollars based on growth rates that are derived from an incorrect model. Its a problem. Internet connectivity should be thought of more like electicity and water a commidity; however picture the size of the dislocation in the workplace that will occurr between now and then.
1:04:34 PM
|
|
Looking out My Kitchen Window, Digitally Speaking Michael Herman writes: (I hope Billg isn't reading this ...) but it occured to me a month or so ago, that I now, on a continuous basis, have several specific applications always open on my desktop ...most of which didn't even exist 4-5 years ago:
Groove Workspace
MSN Messenger
Blogger
Outlook (the exception)
...each of which is an Internet collaboration application.
As a consultant we always set as our target to design a new software application that would dislodge Outlook as the first application people open everyday and the last one they close before they go to sleep. For me it’s been close to two years since Groove took over that spot from outlook. Everyday, Groove is my first open app, my look out the kitchen window to see what the day is going to look like, my link or look to see who is up, who stayed up late, what were they working on. There are always wonderful surprises waiting for me each morning in Groove, the latest build, new and beautiful design comps, or new papers from Jack about his theses.
Dislodging email is huge, but today its down to fourth. Messenger, until recently was the second today Radio has replaced Messenger as my second open application. I open Radio like I open my front door, to check the refers to see who knocked on my door early this morning while I was still sleeping, (Dave is always up early). I open the door grab the morning news as I parse through the entries in my Radio news aggregator. Then I have my morning coffee and I think of something to say, some reason to open the front door and go outside and engage, visit with others, become an active node and wait to see what path to follow or what adventure will come my way today.
10:54:16 AM
|
|
Fishin' With Fog
We went flyfishing on the Frying Pan river this afternoon. Our guide was Jeff Smith, aka Fog, which stands for Fast Old Guy, a reference to his speed on a snowboard, for which he holds a national record. Fog taught Lisa and me, while another guide took Elijah and Syd. I caught a nice brown trout on a green drake dry fly. Elijah caught a rainbow on a nymph. We'll go back tomorrow, then head up to Meredith--the middle of nowhere--for a selective Haverford reunion.
[EdCone.com]
I would like to see Montana.
9:52:54 AM
|
|
© Copyright 2002 Stephen Dulaney.
|
|
Top 10 hits for NORM FORMATION IN SOCIAL NETWORKS on..
 | 9/1/2002; 10:49:34 AM. |
|
|
|
