On Tue, 12 Jun 2012, Kurt Buff wrote:
> If more staff were fired or otherwise disciplined after it was proved
> that they had gotten their company PC infected by navigating to
> non-work-related web sites (or performing their work in an unsafe
> manner against advice), we'd have a much better security environment -
> and the discipline must also apply to C-level execs, as the data they
> handle are even more precious than some staffer in shipping.
>
> I've personally cleaned up malware from the CxO's machines at $WORK,
> multiple times, because they a) won't pay attention to my
> recommendations for handling web sites and email and b) won't let me
> block or quarantine executables and suspect documents at the
> gateways that are designed to handle them.

Looks like one uses crutches for so long that he forgets how to walk
normally.

The fact that your computer can be compromised by viewing a web-site
or reading email means that something it terribly wrong with your
computer. It is sane to fix bugs in the browser and MUA, to use a
better SELinux policy to constrain the applications, or to run them
inside a virtual machine. On the other hand, to blame the user for
reading mail or browsing Internet is at most an exercise in futility.

--
Regards,
ASK

------------------------------------------------------------------------

Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------

[ reply ]