Security Basics mailing list archives
Re: Inputs appreciated
From: Philip Storry <phil () philipstorry net>
Date: Fri, 10 Jan 2003 18:09:02 +0000
Hello Rodel, Thursday, January 9, 2003, 3:12:56 PM, you wrote: RC> Don't know if this is the right place to post this. Are the out of RC> office messages inviting hackers to attack your corporate network? RC> Is this a risk to your company if employees start using the Out of RC> Office feature? I don't feel that they are a serious issue. Out of Office agents are more useful to those trying to socially engineer their way into your organisation and its systems than they are any kind of technical threat. However, if you do feel that they are a problem, then I would suggest that you look at implementing a procedure whereby holidays should require notification of the IT/IS teams, so that the user's accounts can be disabled for the duration of their absence. That may be a wise precaution of the user would have no remote access anyway. Of course, for homeworkers/teleworkers it may be seen as a bit of a pain, so for them I would advise consultation with their boss to determine whether or not their accounts would be disabled. If they're in tahiti for a month, then there's a good case for Yes. If they're at home doing some DIY, then maybe not. This is good in that they can still receive mail, but their account cannot be used to access the email or other systems. And let's not forget that some users hate you taking anything away form them. You may have an uphill battle (politically) if you do try to ban them. RC> Any comments? Yes - I think you should read Kevin Mitnick's "The Art of Deception". Hopefully, it will clarify that this is more of a social than technical problem. :-) -- Best regards, Philip mailto:phil () philipstorry net
Current thread:
- Inputs appreciated Rodel Calvario (Jan 10)
- Re: Inputs appreciated Meritt James (Jan 10)
- Re: Inputs appreciated tony tony (Jan 10)
- Re: Inputs appreciated Philip Storry (Jan 11)
- Re: Inputs appreciated Jonathan Nichols (Jan 14)
- <Possible follow-ups>
- RE: Inputs appreciated Mutovic, Andre (Jan 10)
- Re: Inputs appreciated Joris De Donder (Jan 10)
- Re: Inputs appreciated bsec (Jan 10)
- RE: Inputs appreciated Wolf, Glenn (Jan 11)
- RE: Inputs appreciated Mark Kelsay (Jan 14)
- Re: OOF messaging stefmit (Jan 16)
- RE: Inputs appreciated Mike Heitz (Jan 15)
- Re: Inputs appreciated Chris Berry (Jan 15)
- RE: Inputs appreciated Mark Reardon (Jan 20)
(Thread continues...)