Re: New IE flaw and exploit sites/migration to non-MS browser
- From: "Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbradcpa@xxxxxxxxxxx>
- Date: Sat, 01 Apr 2006 10:01:40 -0800
Sometimes they are in banner ads and you just don't know. I don't have enough hours in the day to build a "white list" of trusted business sites that my firm needs to use given the needs of my business.
This is the fundamental argument where the security guys need to understand that I don't build or use tanks, warfare or other military like stuff. I run a business. I evaluate based on risk, not on black and whites of security. I deal with being good enough and "reasonable" security measures...not absolutes.
But yes, everyone in my office has and has signed an acceptable use policy... there are samples of such on the SANS.org web site (click on the policy button at the top)
Besides...unless you are signed up with Websense... exactly "how" do you know what that list of sites are?
Thomas W Shinder wrote:
A more important issue is the AUP your company has. If you are
*enabling* users to access compromised sites, then there's a problem
with AUP, or your network infrastructure team thinking they understand
security.
Have off network security to network security personnel who understand
application layer inspection and outbound access control based on
user/group membership.
Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
-----Original Message-----
From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] [mailto:sbradcpa@xxxxxxxxxxx] Sent: Friday, March 31, 2006 5:08 PM
To: bkfsec
Cc: Murad Talukdar; focus-ms@xxxxxxxxxxxxxxxxx
Subject: Re: New IE flaw and exploit sites/migration to non-MS browser
How many of you are running as non admin? Used the Group policy to adjust and allow approved active X?
Now I'm no coder...but from threads I've seen.... Firefox's Extensions are ripe for fun and excitement.
Is it IE that's insecure? Or how the workstations are setup in the first place?
bkfsec wrote:
Murad Talukdar wrote:away from IE to
On a related note--how many people have initiated a move
architectural tie-inFirefox/Opera etc in a corporate environment, due to the perception(is itWe have in certain areas. It's very much reality-based that IE is less secure and more prone to exploit than other browsers, for a number of reasons, not the least of which is IE's
JUST a perception or reality based?) that IE is less secure/more prone to
exploits?
with the MS Windows operating system.--------------------------------------------------------------
-bkfsec
-------------
--------------------------------------------------------------
-------------
--
Letting your vendors set your risk analysis these days? http://www.threatcode.com
--------------------------------------------------------------
-------------
--------------------------------------------------------------
-------------
--
Letting your vendors set your risk analysis these days? http://www.threatcode.com
---------------------------------------------------------------------------
---------------------------------------------------------------------------
- Prev by Date: Re: New IE flaw and exploit sites/migration to non-MS browser
- Next by Date: Re: New IE flaw and exploit sites/migration to non-MS browser
- Previous by thread: Re: New IE flaw and exploit sites/migration to non-MS browser
- Next by thread: Re: New IE flaw and exploit sites/migration to non-MS browser
- Index(es):
Relevant Pages
|
