Re: Basic Windows Security Question

Doug.Janelle_at_Thermo.com
Date: 03/31/05

    To: security-basics@securityfocus.com
    Date: Thu, 31 Mar 2005 16:23:00 -0400
    
    

    Barrie wrote:
    > There are very few reasons to use external media on a
    > connected network like this. The admin can and should
    > manage all software installs. Data can be passed around
    > over the network. On the rare occasion that something
    > absolutely has to be on physical media, let it go through
    > IT for checking first.

    Couldn't agree more! Users should have no need for
    passing data via any method outside the network. Those
    that are able to do so should be limited in number (clearly IT,
    and possibly a marketing or accounting POC, but not
    everyone in the dept). Unfortunately, actually implementing
    and enforcing such a policy is likely doomed to failure without
    full support from very, very high up the chain.

    <snip>
    > If you are the admin and/or in charge of network security, it
    > is your role to encourage the most secure option you can,
    > it's then the responsibility of the users to ask you to relax
    > some policies for their convenience. In most businesses this
    > trade off is inevitable, but you must, as the security professional
    > on-site, strive for the absolute best practise.

    Ask any admin what the best practice for a firewall is, and most
    will (correctly) respond "Block everything, then open only what's
    needed." So why do so many admins have so much trouble
    applying the same principle to other areas? Does every user
    really *need* a CD-ROM drive, let alone a CD burner? No.
    Floppy drive? No. USB device? No. We should err on the side
    of caution and, like our firewalls, protect all our data egress points
    with the idea that it will, by default, be blocked/disabled unless and
    until there is a clear business justification to the contrary.

    dcj2
