nanog mailing list archives
Re: EBAY and AMAZON
From: Jimmy Hess <mysidia () gmail com>
Date: Tue, 12 Jun 2012 07:20:09 -0500
On 6/12/12, Keith Medcalf <kmedcalf () dessus com> wrote:
Windows security sucks.The real problem with Windows is that there exist folks who believe that it is, or can be, secured. They believe the six-colour glossy, the Gartner
[snip] Well, they are right. Windows can be secured. The problem is it It won't be secured in practice. Because that's too hard, and truly securing Windows will be rejected by the user, because many applications used in practice are not implemented securely on the platform. Users of Windows endpoints require functions such as Web Browsers, Flash, their favorite Office applications, PDF Viewers, and remote share access.
You would be surprised at the number of Fortune 500 companies that lock-down their >policies into deliberately insecure settings, and refuse to permit more secure settings. ..
This is because, while you would expect IT to understand the importance of security. "Lock Down" has a perception of security attached to it. In practice, "Lock-Down Policies" and standardization have nothing positive to do with security, but IT convenience, and reducing support costs, by attempting to enforce a standardized endpoint experience. They can lead to less security if done without extra security review. Hopefully they also include a backup/imaging system to recover, when the lock-down policy makes it break, however.
This is, unfortunately, a typical reaction which arises from a failure to carry out proper root-cause analysis. The root cause of the issue is not "thumb drives", "baby fingernail drives", or whatever removable media type.
The windows shell is to blame, but you can provide an alternate shell that doesn't do that "magical executable code insertion" stuff and disable Explorer. -- -JH
Current thread:
- Re: EBAY and AMAZON, (continued)
- Re: EBAY and AMAZON Gary Buhrmaster (Jun 12)
- Re: EBAY and AMAZON Barry Shein (Jun 13)
- Re: EBAY and AMAZON Dave Hart (Jun 13)
- Re: EBAY and AMAZON Barry Shein (Jun 13)
- RE: EBAY and AMAZON Keith Medcalf (Jun 13)
- Re: EBAY and AMAZON Rich Kulawiec (Jun 13)
- vulnerability and popularity (was: EBAY and AMAZON) Andrew Sullivan (Jun 13)
- Re: vulnerability and popularity (was: EBAY and AMAZON) Aled Morris (Jun 13)
- Re: vulnerability and popularity (was: EBAY and AMAZON) Owen DeLong (Jun 13)
- Re: EBAY and AMAZON Doug Barton (Jun 13)
- Re: EBAY and AMAZON Jimmy Hess (Jun 12)
- Re: EBAY and AMAZON JC Dill (Jun 13)
- Re: EBAY and AMAZON valdis . kletnieks (Jun 13)
- Re: EBAY and AMAZON Jeroen van Aart (Jun 14)