Security Basics mailing list archives
Re: Basic Windows Security Question
From: Doug.Janelle () Thermo com
Date: Thu, 31 Mar 2005 16:23:00 -0400
Barrie wrote:
There are very few reasons to use external media on a connected network like this. The admin can and should manage all software installs. Data can be passed around over the network. On the rare occasion that something absolutely has to be on physical media, let it go through IT for checking first.
Couldn't agree more! Users should have no need for passing data via any method outside the network. Those that are able to do so should be limited in number (clearly IT, and possibly a marketing or accounting POC, but not everyone in the dept). Unfortunately, actually implementing and enforcing such a policy is likely doomed to failure without full support from very, very high up the chain. <snip>
If you are the admin and/or in charge of network security, it is your role to encourage the most secure option you can; it's then the responsibility of the users to ask you to relax some policies for their convenience. In most businesses this trade-off is inevitable, but you must, as the security professional on-site, strive for the absolute best practice.
Ask any admin what the best practice for a firewall is, and most will (correctly) respond "Block everything, then open only what's needed." So why do so many admins have so much trouble applying the same principle to other areas? Does every user really *need* a CD-ROM drive, let alone a CD burner? No. Floppy drive? No. USB device? No. We should err on the side of caution and, like our firewalls, protect all our data egress points with the idea that it will, by default, be blocked/disabled unless and until there is a clear business justification to the contrary.

dcj2