Security Retardation

Started by Mr. Analog, March 09, 2009, 09:03:48 PM


Mr. Analog

Explain to me how it is unacceptable to allow downloads from Microsoft.com yet allow developers to bring USB sticks with downloaded content from home and allow them to plug them in without authentication?

MADNESS
By Grabthar's Hammer

Thorin

Because it's easy to lock Internet traffic (you do it at a centralized router) but difficult to lock USB stick traffic (you'd have to have a USB cop at every workstation).

So as almost always happens with security, 99 things are done to secure the system, but the 1 thing they don't do makes the system completely insecure.

Which is why I tell everyone who will listen that you should not think you can properly secure any system without a proper learned security expert.  Of course, I say expert and not "expert", as there are lots of people who are "experts" - people who claim to know something but don't and really just want to take your money.
Prayin' for a 20!

gcc thorin.c -pedantic -o Thorin
compile successful

Mr. Analog

I'm sure through one of the hundreds of automated policies that are executed on login one of them could be "disable USB".

I ran into a situation today where I had to install tools on my workstation and I couldn't. The team's solution? A thumb drive they've been passing 'round for months with all the install stuff necessary... but registered to the team leader. We all have MSDN licenses but we can't actually download anything from MSDN.

There's an old robot saying that applies here: DOES NOT COMPUTE!

Lazybones

The policies to properly control USB Mass Storage are only native in Vista and Windows 7 as far as I recall. Otherwise you need to use a 3rd party solution.

After recent virus/trojan issues I am inclined to be in favour of complete lockdown. However, msdn.microsoft.com should be a given for access.

Mr. Analog

I am baffled by the screen-door-on-submarine approach they seem to have taken.

Another goodie:
Your password must be at least 8 characters long (good)
Your password cannot be longer than 8 characters long (huh?)