Josh Glover wrote:
> On 23/06/07, Michael Watterson <watty at eircom.net> wrote:
>>> My conclusions about security :
>> I agree in general. A few small comments inline:
>>> 2) Users have to be allowed access to their own PCs, unfortunately, so
>> they need training. Works better than AV software.
>> Good point. Maybe combine this with automatic quarantining of email
> attachments at the MTA and a Squid proxy that knows about the
> stopmalware.org list.
>>> 3) External Access. Don't allow unknown providence SW to be run.
>> Floppy, CD, or Internet. Why almost every PC supplied had Floppy left
>> as default boot device? Disable all network bindings and services not
>> PCs come with a default boot device so you can over-right the Windows
> install right of the bat! ;)
>> /me ducks
>> But yes, disable this shite straight off.
>>> 4) Don't run AV software as (a) Gives users a false sense of security so
>> they won't bother with lessons in (2) and (b) It doesn't really work
>> I like this point.
>>> 5) Be 110% expert in configuring any service / device connected to
>> This is the hard part. And actually, it might be impossible. Hence
> Bruce Schneier's point about security service providers.
>It's more effort that I want any more, unless my day job is security
(which I'm glad it hasn't been for over 2 years), hence I use mostly
hosted services. Also the bandwidth that the datacentre can include
in the hosting would cost home or office (in Ireland) 10 times
what the hosting costs !
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!