Re: [fw-wiz] The home user problem returns
From: Jim Seymour (jseymour_at_linxnet.com)
Date: 09/14/05
- Previous message: Tina Bird: "RE: [fw-wiz] The home user problem returns"
- In reply to: Marcus J. Ranum: "Re: [fw-wiz] The home user problem returns"
- Next in thread: Tina Bird: "RE: [fw-wiz] The home user problem returns"
- Reply: Tina Bird: "RE: [fw-wiz] The home user problem returns"
- Reply: Paul Melson: "RE: [fw-wiz] The home user problem returns"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: firewall-wizards@honor.icsalabs.com Date: Tue, 13 Sep 2005 20:16:27 -0400 (EDT)
"Marcus J. Ranum" <mjr@ranum.com> wrote:
>
> Mason Schmitt wrote:
[snip]
>
> >User education
> >----------------
> >User education still needs to happen
>
> Pointless. If educating users was going to work, it would have worked
> by now. If Anna Kournikova worm and phishing hadn't gotten people
> to take this seriously years ago, they aren't going to next year, either.
[snip]
>
It may be pointless in home user space, but, IME, it's most definitely
*not* pointless in the workplace. I regard end-user education as one
of my best defenses. And it has worked for me.
Some things that've no doubt helped: Relatively small company--only 150
or so desktops. Good support from management: Official dispensation to
*immediately* remove from the network misbehaving machines. I once
disconnected an entire R&D department. Another time I suspended a
manager's account (for password sharing). I'm allowed Draconian email
filtering at the mail gateways. Most of that same filtering is done on
internal mail servers. But still: End-user education is an important
component. I have somebody either come to me or email me about how "I
received this, and it looked suspicious, so I didn't open it. Do you
want to see it?" on a fairly regular basis.
Result: We haven't had a single virus/worm/Trojan get loose on the
network, with *one* exception, in the six years I've been working for
my current employer. That one exception was a "day 0" kind of a thing,
infected .zip file, sent from the outside to somebody that was
expecting an email, with an attachment, from that person. (It didn't
get far. As luck would have it: Soon after he opened that attachment,
I had logged-in remotely because of the advisories, detected the spoor,
and shut down all the mail and POP servers until I got in the next
morning.)
Jim
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: Tina Bird: "RE: [fw-wiz] The home user problem returns"
- In reply to: Marcus J. Ranum: "Re: [fw-wiz] The home user problem returns"
- Next in thread: Tina Bird: "RE: [fw-wiz] The home user problem returns"
- Reply: Tina Bird: "RE: [fw-wiz] The home user problem returns"
- Reply: Paul Melson: "RE: [fw-wiz] The home user problem returns"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
