Security Basics mailing list archives

Re: Re: Re: security products


From: chmod1777 () invalid-host name
Date: Thu, 19 Feb 2009 09:10:32 -0700

I agree with Dan that if it can be read, even casually, one time by someone then it can be copied. 

I totally disagree, however, that you "NEED" to trust your employees. You don't need to, and shouldn't. Every internal 
breach we ever hear about was from a "trusted" employee.

The security needs to be layered. Yeah, you can passwd protect the docs themselves (even if it isn't totally safe). But 
add directory permissions. Someone mentioned AD. I'd use AD and set up groups. I'd organize the files based on need. Not 
everyone needs access to every file in a directory, and shouldn't have that access just so it makes it simpler for the 
admin. That's just BEGGING for something to happen IMO. It needs to be spread out. And there are likely employees that 
have absolutely no need for anything on that fileserver, and should be completely blocked from it. 

From the sounds of it, it's a smaller company. Hopefully they have an AD domain set up, and not everyone is their own 
local admin. But we all know how that goes... 

YMMV

Kurt Kessler

