Internet Attack Called Broad and Long Lasting by Investigators

Scott Weeks surfer at mauigateway.com
Tue May 10 20:24:12 UTC 2005



: Even though this article wasn't specifically regarding network operations, it
: does come down to the most fundamental of network operating practices.
: Create policies and the procedures that enable those policies.  Then enforce
: them VERY strictly.

: Folks that handle sensitive info (proprietary code, personal info, HIPAA,
: FERPA, SOX, .mil, etc, etc) should be allowed to download software only from
: company servers where all software has been cleared by folks that're experts
: in evaluating software packages.  Not from the general internet.



On Tue, 10 May 2005, Scott Morris wrote:

: Closing people's systems down from "any" other software installations isn't
: necessarily the solution.  It can delay progress in many cases, and not
: everyone has IT staff that may be as up to speed as necessary.

Ok, for smaller companies, yes.  You have to trade off productivity and
risk.  But in a smaller company you will likely know each individual and
their level of tech savvy.  Red flags should pop up if they have a low
level of understanding, have access to machines with sensitive or
proprietary info and have the permission level to install software.

Also, in this case we're talking Cisco, NASA, .mil networks and research
labs.  They have the ability to enforce policy and the need to be VERY
risk averse WRT losing sensitive data.  In organizations that size, it's
the enforcement that's hard to pull off.  It requires strict policy
definition and procedure adherence.  Don't give folks that have access to
machines that hold sensitive info the ability to download software unless
you know they're savvy enough to do so safely.  If you do allow the less
savvy folks who have access to sensitive machines to install software,
force the packages to be downloaded from a company repository.


: The requirement should be more along the lines of software designed to scan
: the system for things like that and alert/remove it.  That kind of
: requirement at least gives flexibility and a good kick in the butt to
: implement good assessment tools at the PC or network level.

In the article, it was too late by that time.  The data was compromised.
They didn't trade off risk and productivity well, or didn't enforce policy
through procedure, or...


: All it takes is one user outside the "norm" to mess up LOTS of work and
: policies trying to keep things right!

Anyone with access to machines that hold sensitive material should be held
to a higher standard than the rest of the organization.  You risk losing
your treasure through these people.

scott