Subject: Re: Ethical/Theoretical Question
From: Paul L Schmehl (paulsUTDALLAS.EDU)
Date: Tue Jun 06 2000 - 09:25:05 CDT


Boy, I couldn't possibly disagree with you more.

You say....

--On Monday, June 05, 2000 5:48 PM -0700 Marc <marcEEYE.COM> wrote:
>
> Yes there are stupid users that open viruses etc... but as an
> Administrator it is YOUR job to keep users from being able to act on
> their ignorance in the first place.

I completely disagree. IMNSHO it is the Admins' job to provide the
functionality the company needs in the most secure way possible. It is
*not* the Admins' job to deny users the flexibility they need simply to
prevent them from doing stupid things.
>
> it is not always the IT people's fault though... a lot of blame can go
> towards the executive staff and money matters.

While I'm well aware that the executives and money matters often determine
what can and cannot be done, the IT staff of a lot of firms should bear the
brunt of the blame for the recent Loveletter fiasco.

Did admins learn absolutely nothing from Melissa? Has the threat of
malware not been made sufficiently distinct for admins to realize they need
to *do* something about it?

We got over 300 copies of Loveletter. All except five were stopped at the
mail server. Of the other five, three of the users deleted them without
running them. The other two got infected, but didn't send email because
they didn't use Outlook for the addressbook.

The reason they don't is because we provide an addressbook through Unix.
We also have completely automated virus protection and taken it out of the
users' hands. When they log in to the domain, they are updated
automatically. They get the very latest virus protection without having to
do anything except do their jobs.

Isn't that why *we* exist? To take those sorts of mundane routine jobs
over and automate them?

OTOH, we also have educated our users so that they don't just open
attachments as a kneejerk reaction. They are aware of the threat. They
know attachments, even from close friends, can be dangerous.

If you don't enlist your users as allies in the battle against malware, you
might as well put up the white flag now, because your network is a goner.
You *cannot*, I repeat - *cannot* prevent malware from getting to your
desktops. I don't care how many filters you use. I don't care how much
capability you disable on the client workstations. You *cannot* prevent
malware from getting in to your network. If you think you can, you're
deluding yourself.

They can be brought in through web pages, ftp downloads, zip disks, etc.,
etc. You MUST educate your users to the risks, because you *have* to
depend on them to protect your network. They are the last line of defense.

Automate everything you can and educate every user. That's the only way
you'll defeat this problem.

Paul L. Schmehl, paulsutdallas.edu
Technical Support Services Manager
The University of Texas at Dallas
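The post says most Loveletter copies were "stopped at the mail server" but does not say how. The following is an added example, written for this page and not the author's or his site's actual gateway code, of the kind of attachment policy check such a gateway applies: it parses a message and flags attachments whose outer extension is a script or executable, and separately calls out "double extensions" such as the real Loveletter filename LOVE-LETTER-FOR-YOU.TXT.vbs, where a harmless-looking inner extension hides the executable outer one. The extension lists and the sample message are constructed assumptions, not any vendor's policy.

```python
"""Mail-gateway attachment policy check (added example, not from the post)."""
import email
from email import policy
from email.message import EmailMessage

# Extensions the gateway treats as executable. Assumption: this list is
# illustrative only, not the author's or any product's real policy.
EXECUTABLE_EXTS = {"vbs", "vbe", "js", "jse", "wsf", "wsh",
                   "exe", "scr", "pif", "bat", "cmd", "com"}
# Inner extensions that make a double-extension name look harmless.
BENIGN_EXTS = {"txt", "doc", "jpg", "gif", "pdf"}


def classify_filename(name):
    """Return a reason string if the attachment name is risky, else None."""
    parts = name.lower().rsplit(".", 2)   # keep at most the last two extensions
    if len(parts) < 2:
        return None                       # no extension at all
    outer = parts[-1]
    if outer not in EXECUTABLE_EXTS:
        return None
    if len(parts) == 3 and parts[1] in BENIGN_EXTS:
        return f"double extension .{parts[1]}.{outer}"
    return f"executable extension .{outer}"


def scan_message(raw):
    """Parse an RFC 822 message and return [(filename, reason)] for risky attachments."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        reason = classify_filename(name)
        if reason:
            findings.append((name, reason))
    return findings


def build_sample():
    """Constructed sample message: one risky attachment, one harmless one."""
    msg = EmailMessage()
    msg["From"] = "friend@example.test"
    msg["To"] = "user@example.test"
    msg["Subject"] = "ILOVEYOU"
    msg.set_content("kindly check the attached LOVELETTER coming from me.")
    # Payload is a constructed placeholder, not the real worm.
    msg.add_attachment(b'MsgBox "constructed sample"',
                       maintype="application", subtype="octet-stream",
                       filename="LOVE-LETTER-FOR-YOU.TXT.vbs")
    msg.add_attachment("plain notes", subtype="plain", filename="notes.txt")
    return msg.as_string()


if __name__ == "__main__":
    for name, reason in scan_message(build_sample()):
        print(f"REJECT {name}: {reason}")
```

A real gateway would quarantine rather than merely report, and would inspect the content type and the bytes of the attachment as well as its name, since a filename is trivial for a sender to change; the name check is the cheap first layer that would have caught Loveletter as received.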