Tuesday, July 31, 2007

By-passing Network Security

The Wall Street Journal recently published "Ten Things Your IT Department Won't Tell You". It's a shame they don't address the main reason we won't tell the users: if they by-pass security & get infected, it's not always just their PC that suffers, but the entire network. Most networks don't have much in the way of internal security - make it through the perimeter & you have free access inside. Most security & rules are in place for the less careful users, & while a savvy user is often hampered by them, even savvy users have their off days.

Example: One of the owners of a company I know was making plane reservations. He & a couple of others had recently made IT take the email block off of compressed files - they said it hampered business to have to wait until IT released them. At 5pm he got an email with a subject line of "Reservation", opened it & clicked on the attachment, part4.zip. He saw it wasn't what he thought & deleted it.
At 6pm, the help desk guy called the Network Admin at home. Files were disappearing off the network. It turned out the owner had opened a new kind of virus & it had deleted thousands of files at random on the network drives he had access to. The files were deleted at the end of the work day, before the backup had run, so a full day's work was lost for many people.
Luckily, the network was Novell, because the Salvage utility could be used to get all the files back. It meant the Network Admin came in at 2am & worked until 11am the next morning doing that - it was a manual process. Without the Microsoft client on any of the PCs & with GroupWise as the email system, the virus stayed on that one machine & the damage ended when it was unplugged from the network.
Another company got hit with the same virus. It went right through Postini, one of the best hosted email filtering services. This company had had backup problems for the past few nights & wound up losing three days' worth of files. They also had their server get infected, since it was a Windows server running Exchange, so the virus deleted files there too, & because it was running as Admin rather than as a regular user, some of the files it reached were really important. Their PCs ALL got infected & they were an SEC-regulated publicly traded company. Very, very bad. It took them weeks to clean up completely & then they had to go through an audit. I never heard how much money & time they lost, but it was a lot.
That virus was MyDoom & it caused all kinds of havoc. Like all of them now, it got around the world in minutes - literally minutes - while antivirus signatures take hours or days to be generated. The AV companies have to obtain a sample, analyse it, write a signature, test it & finally push it out to their clients. Clients get new signatures sometimes hourly, but more often daily. The virus mass-mails itself all over, so the only way to block something like that before a signature exists is to block the kind of file it arrives in. The first company had been blocking compressed files for exactly this reason, but users protested because it hampered work. Needless to say, the blocking went back on, but it was still a pain. The IT Department didn't like logging in a dozen times a day to the quarantine site to see whether new files had come in any more than users liked having them delayed. It's a pain on both ends.
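The post describes two options for compressed attachments: block them all and make IT release the legitimate ones by hand, or let them through and hope a signature exists. There is a middle ground a mail gateway can take without a signature: open the archive and look at what is inside. The following Python script is an added example written for this page, not code from the original post or from any product mentioned in it. It detects ZIP attachments by their magic bytes rather than by the filename the sender chose, then flags entries with executable extensions, entries whose content starts with a PE (MZ) header even though the name says otherwise, encrypted entries that cannot be inspected, and executables hidden one level down in a zip-in-a-zip. The extension list, the addresses and the attachment contents are all constructed for the demonstration.

```python
import email
import io
import posixpath
import zipfile
from email import policy
from email.message import EmailMessage

# Entry types a mass-mailer typically hides inside an archive. This list and
# every name below are assumptions made for the example, not from the post.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js", ".dll"}
ZIP_MAGIC = b"PK\x03\x04"   # local file header of a non-empty ZIP
PE_MAGIC = b"MZ"            # DOS/PE executable header


def inspect_zip(data: bytes, depth: int = 0) -> list:
    """Return the entries of a ZIP that look executable, judged by extension or
    by the MZ header of the entry's content. Encrypted entries cannot be
    inspected and are reported as findings; nested archives are opened one
    level deep so a zip-in-a-zip does not slip through."""
    findings = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                name = info.filename
                ext = posixpath.splitext(name)[1].lower()
                if ext in EXECUTABLE_EXTS:
                    findings.append(name)
                    continue
                if info.flag_bits & 0x1:          # encrypted: content unreadable
                    findings.append(name + " (encrypted)")
                    continue
                if info.is_dir() or info.file_size < 2:
                    continue
                with zf.open(info) as entry:
                    head = entry.read(4)
                if head[:2] == PE_MAGIC:
                    findings.append(name + " (PE header)")
                elif head == ZIP_MAGIC and depth < 1:
                    inner = zf.read(info)
                    findings.extend(name + "/" + sub for sub in inspect_zip(inner, depth + 1))
    except zipfile.BadZipFile:
        findings.append("<unreadable archive>")
    return findings


def triage_message(raw: bytes) -> dict:
    """Map each ZIP attachment of an RFC 5322 message to its findings. The
    attachment is recognised by magic bytes, not by the name or Content-Type
    the sender declared, since both are under the sender's control."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    verdicts = {}
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True)
        if payload is None or not payload.startswith(ZIP_MAGIC):
            continue
        verdicts[part.get_filename() or "<unnamed>"] = inspect_zip(payload)
    return verdicts


def is_blocked(verdicts: dict) -> bool:
    """Quarantine if any ZIP attachment produced at least one finding."""
    return any(verdicts.values())


def make_zip(entries: dict) -> bytes:
    """Build an in-memory ZIP from {entry_name: bytes} (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


def build_sample(attachment_name: str, zip_bytes: bytes) -> bytes:
    """Constructed sample message for the demo (not a real capture)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.test"
    msg["To"] = "owner@example.test"
    msg["Subject"] = "Reservation"
    msg.set_content("Please see the attached reservation.")
    msg.add_attachment(zip_bytes, maintype="application", subtype="zip",
                       filename=attachment_name)
    return msg.as_bytes()


FAKE_PE = PE_MAGIC + b"\x90\x00" + b"\x00" * 60      # stand-in for an executable

# Constructed inputs: the "part4.zip" case from the post, a renamed executable,
# a zip-in-a-zip, and a legitimate archive that must pass.
SUSPICIOUS = build_sample("part4.zip", make_zip({"reservation.doc.exe": FAKE_PE}))
DISGUISED = build_sample("scan.zip", make_zip({"invoice.txt": FAKE_PE}))
NESTED = build_sample("docs.zip", make_zip({"inner.zip": make_zip({"setup.exe": FAKE_PE})}))
BENIGN = build_sample("itinerary.zip", make_zip({"itinerary.txt": b"Flight 123, depart 07:15\n"}))

if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS), ("disguised", DISGUISED),
                       ("nested", NESTED), ("benign", BENIGN)):
        verdicts = triage_message(raw)
        print(f"{label:10} {'BLOCK' if is_blocked(verdicts) else 'PASS':5} {verdicts}")
```

The point of the encrypted-entry branch is the caveat a filter like this has to live with: a password-protected archive defeats content inspection, so it has to be treated as a finding (or held for manual release, exactly the chore the post complains about) rather than passed through on the grounds that nothing bad was seen. Only the benign itinerary archive passes; the other three are held back with no signature involved.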

It's the responsibility of the IT Department to make sure users can work, but users who skate around security aren't just risking themselves, but the entire company, & they need to know that. Internal security is expensive, time consuming & frustrating - often impossible. Some companies have taken to putting laptops on a separate network segment, so they have to attach to the rest of the network through a firewall, because laptops bring in bad stuff from outside. It just makes everyone's work much tougher, though: lots more for IT to do, & we generally have more than enough. It's also expensive & budgets are tight.
