OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Patrick Andry (pandrywolverinefreight.ca)
Date: Mon Oct 01 2001 - 15:41:18 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    I would be hesitant to deploy such an architecture. I know it seems easy,
    but you are essentially giving up control of your network. Only you should
    decide what services and where they are run, and all it takes is one guy to
    use his laptop as a home pc to bring down your network. I had a pc that was
    brought from an employees house brought into the office and hooked into our
    network, and it took me 3 days to clean out the virus infestation, remove
    the games from the pc's, delete the apps that burrowed into the systems, and
    respond to all the e-mail from irate sysadmins. Although none of my users
    were significantly affected, their e-mail boxes were full, the network
    slowed to a tenth of the speed, and my servers complained because of all of
    the stress.

    We had a very similar choice, and chose a VPN solution to handle the road
    warriors, anything that could be put into an access database was, and they
    had to call into the office and have everyone else look up info they
    couldn't get to. It is more of a headache for them, but it is less of a
    headache for me. If the salesman want to plug a laptop in, I give it a
    quick scan, update all the virus definitions (these guys can go for a month
    without having to connect), and make sure that they aren't abusing the
    equipment too badly. Users are a lot more responsible if you peek at what
    they do every so often.

    I don't know exactly how big your IT department is, or how centrally
    located, but seriously consider other alternatives. Sometimes it's best to
    go out and buy a package to do what you need, even if you can create one
    yourself.

    -----Original Message-----
    From: Majid Almassari [mailto:majidnetworkingmedia.org]
    Sent: Monday, October 01, 2001 1:47 PM
    To: dayseizerexcite.com; focus-mssecurityfocus.com
    Subject: RE: Running IIS locally - advice?

    Dazed,
    you bring up a very good point? You got to bring your hole security policy
    into light? For example what is your ingress firewall rules? can they hit
    port 80? spoofing is not the issue if they can go right through your
    firewall! Let say you installed a personal firewall then why you want to use
    a web server that can only be accessed from local machine?

    Majid Almassari