Web access for everyone

[Alex Lim <mwlalex () magix com sg>]

Hi all,

I am checking out on this scenario in order to make a proposal to my
company.

We have employees and system/network administrators who wanted web
access from their desktops. Employees are allowed through the firewalls
via a proxy. The risk that we can foresee is one in which a user
download a virus or a trojan that works on a HTTP covert channel. So, an
added counter-measure to this potential breach of the desktops is to
install a virus shield and a personal IDS like BlackIce Defender. 

However, for a system/network administrator who most likely has accesses
to more sensitive servers and has more confidential data cached or filed
in his desktop, I believe the risk is definitely much higher from the
company's perspective. Other than removing that web access from the
administrator, is there anything else that we can do to make the
administrator PC more secured ? 

Your opinions or experiences pls ? Any comments will be appreciated.

TIA
Alex

p.s. BTW, I welcome any comments on the BlackIce Defender.