Re: Where should security exist?

From: blaxshep (Jim_Campau@bausch.com)
Date: 07/24/02


From: "blaxshep" <Jim_Campau@bausch.com>
Date: Wed, 24 Jul 2002 17:40:11 -0400


You definately want to lock down workstations. Security issues aside, do you
want to be reinstalling work stations everytime someone installs
unauthorized crap on thier workstation and alters their configuration? I
hope you have virus scanners running on these free reign PCs. If not your
really asking for it.

"Keith W. McCammon" <km@km.com> wrote in message
news:u5Wap#0MCHA.1888@tkmsftngp10...
> > Even if all the data was being saved on the servers,
> > wouldn't you still risk the fact that a user can download
> > and run some program that can comprise the security of
> > the entire network.
>
> Yep! In a heartbeat...
>
> > I am just thinking, if over 70% of the companies that get
> > hacked, get hacked from within their organization, why
> > would it be a bad practice to harden the security on
> > workstations as well the servers.
>
> It wouldn't.
>
> > The article I read was written by someone who said was a
> > consultant for Pricewaterhouse.
>
> Then I wouldn't hire them for network security consulting. As I
mentioned,
> you can't believe everything that you read, especially in this industry.
> Folks like that mainly exist to make people, and to confuse less educated
> folks into hiring PWC (or any firm, for that matter) to perform largely
> unneeded consulting services.
>
>