On 23/06/07, Michael Watterson <watty at eircom.net> wrote:
> My conclusions about security :
I agree in general. A few small comments inline:
> 2) Users have to be allowed access to their own PCs, unfortunately, so
> they need training. Works better than AV software.
Good point. Maybe combine this with automatic quarantining of email
attachments at the MTA and a Squid proxy that knows about the
stopmalware.org list.
> 3) External Access. Don't allow unknown provenance SW to be run.
> Floppy, CD, or Internet. Why almost every PC supplied had Floppy left
> as default boot device? Disable all network bindings and services not
> needed.
PCs come with a default boot device so you can overwrite the Windows
install right off the bat! ;)
/me ducks
But yes, disable this shite straight off.
> 4) Don't run AV software as (a) Gives users a false sense of security so
> they won't bother with lessons in (2) and (b) It doesn't really work
I like this point.
> 5) Be 110% expert in configuring any service / device connected to Internet.
This is the hard part. And actually, it might be impossible. Hence
Bruce Schneier's point about security service providers.
--
Cheers,
Josh