Re: [fw-wiz] The home user problem returns

From: Jim Seymour (jseymour_at_linxnet.com)
Date: 09/14/05

    To: firewall-wizards@honor.icsalabs.com
    Date: Tue, 13 Sep 2005 20:16:27 -0400 (EDT)
    
    

    "Marcus J. Ranum" <mjr@ranum.com> wrote:
    >
    > Mason Schmitt wrote:
    [snip]
    >
    > >User education
    > >----------------
    > >User education still needs to happen
    >
    > Pointless. If educating users was going to work, it would have worked
    > by now. If Anna Kournikova worm and phishing hadn't gotten people
    > to take this seriously years ago, they aren't going to next year, either.
    [snip]
    >

    It may be pointless in home user space, but, IME, it's most definitely
    *not* pointless in the workplace. I regard end-user education as one
    of my best defenses. And it has worked for me.

    Some things that've no doubt helped: Relatively small company--only 150
    or so desktops. Good support from management: Official dispensation to
    *immediately* remove from the network misbehaving machines. I once
    disconnected an entire R&D department. Another time I suspended a
    manager's account (for password sharing). I'm allowed Draconian email
    filtering at the mail gateways. Most of that same filtering is done on
    internal mail servers. But still: End-user education is an important
    component. I have somebody either come to me or email me about how "I
    received this, and it looked suspicious, so I didn't open it. Do you
    want to see it?" on a fairly regular basis.

    Result: We haven't had a single virus/worm/Trojan get loose on the
    network, with *one* exception, in the six years I've been working for
    my current employer. That one exception was a "day 0" kind of a thing,
    infected .zip file, sent from the outside to somebody that was
    expecting an email, with an attachment, from that person. (It didn't
    get far. As luck would have it: Soon after he opened that attachment,
    I had logged in remotely because of the advisories, detected the spoor,
    and shut down all the mail and POP servers until I got in the next
    morning.)

    Jim
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

