Re: Basic Windows Security Question
Doug.Janelle_at_Thermo.com
Date: 03/31/05
- Previous message: Antonio Weber: "Re: Scanning--more then one side to the argument"
- Maybe in reply to: PC Sage Information Services: "Re: Basic Windows Security Question"
- Next in thread: Danny Puckett: "Re: Basic Windows Security Question"
To: security-basics@securityfocus.com
Date: Thu, 31 Mar 2005 16:23:00 -0400
Barrie wrote:
> There are very few reasons to use external media on a
> connected network like this. The admin can and should
> manage all software installs. Data can be passed around
> over the network. On the rare occasion that something
> absolutely has to be on physical media, let it go through
> IT for checking first.
Couldn't agree more! Users should have no need for
passing data via any method outside the network. Those
that are able to do so should be limited in number (clearly IT,
and possibly a marketing or accounting POC, but not
everyone in the dept). Unfortunately, actually implementing
and enforcing such a policy is likely doomed to failure without
full support from very, very high up the chain.
<snip>
> If you are the admin and/or in charge of network security, it
> is your role to encourage the most secure option you can,
> it's then the responsibility of the users to ask you to relax
> some policies for their convenience. In most businesses this
> trade off is inevitable, but you must, as the security professional
> on-site, strive for the absolute best practice.
Ask any admin what the best practice for a firewall is, and most
will (correctly) respond "Block everything, then open only what's
needed." So why do so many admins have so much trouble
applying the same principle to other areas? Does every user
really *need* a CD-ROM drive, let alone a CD burner? No.
Floppy drive? No. USB device? No. We should err on the side
of caution and, like our firewalls, protect all our data egress points
with the idea that it will, by default, be blocked/disabled unless and
until there is a clear business justification to the contrary.
dcj2