James Button
jamesbutton at blueyonder.co.uk
Tue Mar 12 14:31:05 CDT 2013
Jim, While the notes in that post <http://www.techrepublic.com/blog/10things/10-ways-to-reduce-security-headaches-in-a-byod-world/3591?tag=nl.e101&s_cid=e101&ttag=e101> Are reasonable, to my view they address the incidental probabilities associated with inexperienced, or inept user. I believe that site security should start from the consideration of both the interloper, and authorised users intending to inappropriately acquire the data held on your system, or to use your systems for their own purposes. You should expect these 'users' to come with systems that can connect their network to your network, and thus to your data, and some of your users working environment and access, and maybe, their probable aim of controlling your admin level. Maybe considering the password, or even unencrypted access to the backups being a nice neat access point. Then there is the physical attack possibilities - Removing a PC, (or just the hard drive) for modification Attaching a wireless dongle or device with a 32GB microSD - scarcely larger than the hard bit of the USB connector, and certainly smaller than the cover to the cable connection. Ignoring the possibilities of a screenscraper, or comms monitoring application there is still a lot of ways for data on a LAN/WAN, or server facility to be acquired in bulk. And - as I posted a short while ago, I was working at a site where 'security' level work was being done, with full physical access recording and control - but someone stole a server (maxi-tower PC sized) - via the scaffolding errected to allow the window maintenance contractors to do their work. Well - the building owner had scheduled it as a 5 yearly extra safety & maintenance check on the annual cleaning/service, shame the tenant company management didn't consider it needed extra security to be paid for! JimB ----- Original Message ----- From: "Jim Lawrence" <accessd at shaw.ca> To: "'Access Developers discussion and problem solving'" <accessd at databaseadvisors.com> Sent: Tuesday, March 12, 2013 6:52 PM Subject: Re: [AccessD] Lock Down PC > It seems that the application DeepFreeze is what the colleges and schools > are using, all over...even here. Must be a good choice. > > Here is an TechRepublic article on how to manage BYOD computers which is > what a computer can quickly become if left in the hands and control of > users: > > http://www.techrepublic.com/blog/10things/10-ways-to-reduce-security-headach > es-in-a-byod-world/3591?tag=nl.e101&s_cid=e101&ttag=e101 > > Jim > > -----Original Message----- > From: accessd-bounces at databaseadvisors.com > [mailto:accessd-bounces at databaseadvisors.com] On Behalf Of Tina Norris > Fields > Sent: Tuesday, March 12, 2013 10:14 AM > To: Access Developers discussion and problem solving > Subject: Re: [AccessD] Lock Down PC > > DeepFreeze is what we use on campus at Northwestern Michigan College, > too. Nothing saved on a local computer will still be there after reboot. > T > > Tina Norris Fields > tinanfields-at-torchlake-dot-com > 231-322-2787 > > On 3/12/2013 9:44 AM, Jason Strickland wrote: >> DeepFreeze will lock down PC so that all changes will revert upon reboot. >> We use it at work on all of our labs and student laptops. >> All, >> >> > > -- > AccessD mailing list > AccessD at databaseadvisors.com > http://databaseadvisors.com/mailman/listinfo/accessd > Website: http://www.databaseadvisors.com > > -- > AccessD mailing list > AccessD at databaseadvisors.com > http://databaseadvisors.com/mailman/listinfo/accessd > Website: http://www.databaseadvisors.com