Firewall Wizards mailing list archives

Re: Linked-in and its Phishing-like contacts option!


From: Bennett Todd <bet () rahul net>
Date: Fri, 26 Apr 2013 10:26:55 -0400

If user operational security was adequate, we could retire our firewalls,
let our users remote compute with full VPNs in and out, and replace these
relatively slow, fragile, complex, maintenance-intensive sets of boxes with
wire-speed switches.

Plus IDS.

If we feel user operational security isn't adequate, I think it's a fair
topic of discussion, because the drive to try to mend or at least detect
issues ends up in our hands.

We can secure every machine that has IP connectivity to the inside net,
more or less, but user operational security lapses will let vandals or
thugs molest our users.

From everything I've heard, the targets of some recent high-profile
intrusions had pretty good security architecture in place.

Whether it's carrying USB sticks between home and work, or clicking on
links using an overly-complex and hence insecure browser or MUA, folks need
to get their work done.

Some behavior problems can sometimes be partially addressed by training,
but mostly, if there's a problem, we should look for a way to adjust our
firewall and the services it permits, or provide companion services
(owncloud sounds interesting) to help them get their work done without
exposing themselves to folk with hostile intent.

I think discussion of what we should try to do, and why, is every bit as
relevant as - and maybe more useful than - chatting about how best to do it.