Educause Security Discussion mailing list archives
Re: Guideline for Restricting Software
From: Scott Wimer <scottw () CYLANT COM>
Date: Sun, 18 May 2003 05:07:12 -0700
Scott, It seems to me that the approach you are suggesting has basically the same scaling problem. Will the supervisor(s) be able to inspect each requested software package sufficiently enough that the process does not turn into a blanket rubberstamp of each request? What makes a supervisor qualified to decide if the software is safe to install? I'm not sure that I could make such distinctions reliably. Regards, scottwimer On Sun, May 18, 2003 at 07:59:33AM -0400, Scott Bradner wrote:
What we're working on now is a lower-level guideline / standard or whatever you care to call such a document. Its purpose is to identify specific categories (and occasionally specific products) that are restricted, possibly prohibited, and would require authorization to install / use.it would seem to me that approaching this issue with teh idea of talking about specific programs is teh wrong approach - it will not scale and will be hard to keep up to date for admin users I would suggest just saying that all software added to a machine must be OKed by a supervisor (this will not work for researchers & students) Scott ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/.
-- Scott M. Wimer, CTO Cylant www.cylant.com 121 Sweet Ave. v. (208) 883-4892 Suite 123 c. (208) 850-4454 Moscow, ID 83843 There is no Security without Control. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/.
Current thread:
- Guideline for Restricting Software Edwards, Francis (May 14)
- <Possible follow-ups>
- Re: Guideline for Restricting Software Edwards, Francis (May 16)
- Re: Guideline for Restricting Software Randy Marchany (May 16)
- Re: Guideline for Restricting Software Scott Bradner (May 18)
- Re: Guideline for Restricting Software Scott Wimer (May 18)