Security Basics mailing list archives

Re: Basic Windows Security Question


From: Doug.Janelle () Thermo com
Date: Thu, 31 Mar 2005 16:23:00 -0400



Barrie wrote:
There are very few reasons to use external media on a
connected network like this. The admin can and should
manage all software installs. Data can be passed around
over the network. On the rare occasion that something
absolutely has to be on physical media, let it go through
IT for checking first.

Couldn't agree more! Users should have no need for
passing data via any method outside the network. Those
that are able to do so should be limited in number (clearly IT,
and possibly a marketing or accounting POC, but not
everyone in the dept). Unfortunately, actually implementing
and enforcing such a policy is likely doomed to failure without
full support from very, very high up the chain.

<snip>
If you are the admin and/or in charge of network security, it
is your role to encourage the most secure option you can,
it's then the responsibility of the users to ask you to relax
some policies for their convenience. In most businesses this
trade off is inevitable, but you must, as the security professional
on-site, strive for the absolute best practice.

Ask any admin what the best practice for a firewall is, and most
will (correctly) respond "Block everything, then open only what's
needed." So why do so many admins have so much trouble
applying the same principle to other areas? Does every user
really *need* a CD-ROM drive, let alone a CD burner? No.
Floppy drive? No. USB device? No. We should err on the side
of caution and, like our firewalls, protect all our data egress points
with the idea that it will, by default, be blocked/disabled unless and
until there is a clear business justification to the contrary.

dcj2


