funsec mailing list archives
Re[4]: www.hexblog.com down?
From: Sean Donelan <sean () donelan com>
Date: Wed, 4 Jan 2006 16:49:33 -0500 (EST)
On Wed, 4 Jan 2006, Pierre Vandevenne wrote:
> Do you rely on yours? Are you suggesting that all businesses should, and will, in the future, implement the clever military approach (totally physically and functionally segregated networks)? I don't know.
Each business will have its own assessments.

I was reacting to your stated risk for your business: "Should our customer data be vulnerable to a blissfully unaware accountant surfing the web with a vulnerable system?" And your proposed response.

People often state a threat as justification to do something. But my question is: does your proposed response effectively address your stated threat? If your answer is that's all you can afford to do, then you've accepted the unmitigated risk.

Are there other alternatives to address your stated threat? Could you implement a control for your accountant to surf the web using a browser with RunAs limited privileges, so not only this particular "trick the user into executing something" is blocked but also other forms of "trick the user into executing something" are blocked? Would this be a more effective control than the one you proposed? Perhaps not as effective as having two separate machines with an air-gap, but more effective than patching a single vulnerability.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.