Sometimes they are in banner ads and you just don't know. I don't have
enough hours in the day to build a "white list" of trusted business
sites that my firm needs to use given the needs of my business.
This is the fundamental argument where the security guys need to
understand that I don't build or use tanks, warfare or other military
like stuff. I run a business. I evaluate based on risk, not on black
and whites of security. I deal with being good enough and "reasonable"
security measures...not absolutes.
But yes, everyone in my office has and has signed an acceptable use
policy... there are samples of such on the SANS.org web site (click on
the policy button at the top)
Besides...unless you are signed up with Websense... exactly "how" do you
know what that list of sites are?
Thomas W Shinder wrote:
A more important issue is the AUP your company has. If you are
*enabling* users to access compromised sites, then there's a problem
with AUP, or your network infrastructure team thinking they understand
security.
Have off network security to network security personnel who understand
application layer inspection and outbound access control based on
user/group membership.
Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
-----Original Message-----
From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
[mailto:[EMAIL PROTECTED]
Sent: Friday, March 31, 2006 5:08 PM
To: bkfsec
Cc: Murad Talukdar; [email protected]
Subject: Re: New IE flaw and exploit sites/migration to non-MS browser
How many of you are running as non admin? Used the Group policy to
adjust and allow approved active X?
Now I'm no coder...but from threads I've seen.... Firefox's
Extensions
are ripe for fun and excitement.
Is it IE that's insecure? Or how the workstations are setup in the
first place?
bkfsec wrote:
Murad Talukdar wrote:
On a related note--how many people have initiated a move
away from IE to
Firefox/Opera etc in a corporate environment, due to the
perception(is it
JUST a perception or reality based?) that IE is less secure/more
prone to
exploits?
We have in certain areas. It's very much reality-based that IE is
less secure and more prone to exploit than other browsers, for a
number of reasons, not the least of which is IE's
architectural tie-in
with the MS Windows operating system.
-bkfsec
--------------------------------------------------------------
-------------
--------------------------------------------------------------
-------------
--
Letting your vendors set your risk analysis these days?
http://www.threatcode.com
--------------------------------------------------------------
-------------
--------------------------------------------------------------
-------------
--
Letting your vendors set your risk analysis these days?
http://www.threatcode.com
---------------------------------------------------------------------------
---------------------------------------------------------------------------
