Security Basics mailing list archives
Re: Allowing access to social networking... securely?
From: Kurt Buff <kurt.buff () gmail com>
Date: Tue, 19 May 2009 16:02:59 -0700
On Thu, May 7, 2009 at 11:14, Daniel I. Didier <ddidier () netsecureia com> wrote:
I am sure many of us are seeing the shift from the standpoint that social networking (SN) is evil and should be blocked, to one that views SN as a business tool and full of opportunity. I believe this is true for many organizations. However, as many of us are aware, SN is full of malicious code and techniques to trick users into giving away information or attacking their system. The questions I would like to pose to the list are as follows: What, if anything, should be done above and beyond standard security controls to protect against the potential risks of allowing access to SN?
Block flash, silverlight and javascript at the firewall. That should take care of your problems. Heh. If someone in authority thinks they've got a compelling business case for allowing one or more sites, set up a PC in a DMZ and allow port 3389 from specific machines on the trusted network to it. Nothing else. Kurt ------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. Gain a laser like insight into what is covered on the exam, with zero fluff! http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html ------------------------------------------------------------------------
Current thread:
- Allowing access to social networking... securely? Daniel I. Didier (May 08)
- Re: Allowing access to social networking... securely? Kurt Buff (May 20)
- <Possible follow-ups>
- Re: Allowing access to social networking... securely? krymson (May 18)
- Re: Allowing access to social networking... securely? Stephen Mullins (May 19)
- Glassfish Apache and Tomcat All attONCE ? Mattias Hemmingsson (May 19)
- Re: Glassfish Apache and Tomcat All attONCE ? Carsten Heesch (May 19)
- Re: Re: Allowing access to social networking... securely? chmod1777 (May 19)
- Re: Allowing access to social networking... securely? Michael Schaefer (May 20)
- RE: Allowing access to social networking... securely? Ian Bradshaw (May 20)
- Re: Allowing access to social networking... securely? Michael Schaefer (May 20)
- Re: Allowing access to social networking... securely? krymson (May 20)
- Re: Allowing access to social networking... securely? krymson (May 20)
- RE: Allowing access to social networking... securely? Robin Smith (FaceTime) (May 21)
(Thread continues...)