
Re: Microsoft: Insecure by design



This is the *real* issue:

> when your junior marketing person takes their laptop home and plugs
> into their unprotected cable internet connection with their
> unpatched win2k laptop, boom they have blaster,

Your corporate network is secured. You know what touches it. You can
protect from that. You know where the entrances and exits are.

You have no idea what kind of MSTDs your "remote computing workforce"
will bring home with them, when they've been out cavorting on the
Internet all hours of the night.

Not to mention letting folks use their own home computers to "dial in"
to the office because you're too cheap to provide them with a dedicated
computer that the company *owns*. Since your company doesn't own the
computer used to connect to the company's network, why is it, again,
that they are granted secured, unfettered, access to the corporate network?
That's just as secure as your child installing some game is?
Are you OK with anyone your employees allow to use their computers
(children, visitors, friends, etc.) being in charge of your IT security
practices?

And what will you do when *your* corporate network hoses *their* computer
because of some *other* employee's incompetency or ignorance? Wouldn't that
automatically make you (the employer) liable for the same "unauthorized
access" federal crime bludgeon you get the FBI and high-priced lawyers to
beat up 14-year-old script kiddies with?

I won't touch my employer's/client's computers with my own - I know what
sort of infestations they have - so either I go in to work on them at
their physical location, or they provide me with a "corporate" laptop.
And *never* the two shall meet. I don't need the hassle of figuring out
what *their* network did to *my* computer.

What the vast majority of companies *don't* do, is lock down the laptops
so that they are ONLY able to connect to the corporate LAN, and any
connections to any other network automatically disable corporate LAN access.
At least in that case, you are limited only to the data actually on the
laptop in the case of a security breach or compromise.

Now, that's not to say that that information won't be valuable (like, say,
an executive's schedule, strategic planning, product/service research
documents, contact lists, etc.), but that physical possession of the laptop
will not grant continued access to the corporate LAN resources in the
case of a breach.

But, those Microsoft products sure are easy for anyone to use - even people
you don't *want* to be using them...

Mike/



