Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Basic Windows Security Question

from [Dante Mercurio] Network Security [Permanent Link]
Subject: RE: Basic Windows Security Question
Date: Tue, 5 Apr 2005 12:27:33 -0400 
Since I didn't see it mentioned in the other replies but a product that
can do this is:
http://www.gfi.com/lanpsc/

In addition to the problems mentioned regarding numerous workarounds
that users will find, I've found with these kinds of issues a major
obstacle is management support. Upper management are the first ones to
make themselves exceptions and then next thing you know the exception is
the rule and the restritions don't apply to anyone.

Good Luck,
M. Dante Mercurio, CISSP, CWNA, Security+, SCSP

-----Original Message-----
From: Andrew McIntosh [mailto:amcintosh@networkadvocates.com] 
Sent: Tuesday, March 29, 2005 4:21 PM
To: security-basics@securityfocus.com
Subject: Basic Windows Security Question

Hello Everybody,

I am curious to see the different suggestions for this scenario:

Suppose you have a small company of less than 100 employees. One of the
employees likes to bring his work home on occasion. He does so using a
USB thumb drive. One day he catches a [virus, worm, Trojan, spyware,
anything you can think of] at home and it winds up on his thumb drive,
which he in turn brings to the company network.

The company certainly should have anti-virus software in place, which
would fix that problem. But what if he unknowingly loads a key logging
program that could capture private customer information? What do you
suggest? Here is what I could think of so far:

Disable USB Port - That would solve the particular problem and create
other problems. For instance, substitute the thumb drive with a floppy
disk or CD. For obvious reasons you don't want to disable those as well.

Restrict user permissions - That could potentially prevent a program
from installing itself, but it would also cause the user some grief if
they need to install programs themselves, or even do simple things like
changing personal settings.

Security Policy - Haven't looked into this yet, but maybe there is a way
to prevent the use of thumb drives and other specific devices through
security policy.

What do you think?

Thanks!

====================
amcintosh@ntad.com
====================


---------------------------------------------------------------------------
Earn your MS in Information Security ONLINE
Organizations worldwide are in need of highly qualified information security 
professionals.  Norwich University is fulfilling this demand with its MS in 
Information Security offered online.  Recognized by the NSA as an 
academically excellent program, NU offers you the opportunity to earn your 
degree without disrupting your home or work life.

http://www.msia.norwich.edu/secfocus_en
----------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Microsoft Software Auditing ?, Steve Hillier
Next by Date:  RE: Microsoft Software Auditing ?, Charles Otstot
Previous by Thread:  Re: Basic Windows Security Question, C. Francis Pineda
Next by Thread:  Re: Basic Windows Security Question, Barrie Dempster
Indexes:  [Date] [Thread] [Top] [All Lists]