[AccessD] Lock Down PC

James Button jamesbutton at blueyonder.co.uk
Tue Mar 12 14:31:05 CDT 2013


Jim,

While the notes in that post
<http://www.techrepublic.com/blog/10things/10-ways-to-reduce-security-headaches-in-a-byod-world/3591?tag=nl.e101&s_cid=e101&ttag=e101>
Are reasonable, to my view they address the incidental probabilities 
associated with inexperienced, or inept user.

I believe that site security should start from the consideration of both the 
interloper, and authorised users intending to inappropriately acquire the 
data held on your system, or to use your systems for their own purposes.


You should expect these 'users' to come with systems that can connect their 
network to your network, and thus to your data, and some of your users 
working environment and access, and maybe, their probable aim of controlling 
your admin level.
Maybe considering the password, or even unencrypted access to the backups 
being a nice neat access point.

Then there is the physical attack possibilities -
Removing a PC, (or just the hard drive) for modification
Attaching a wireless dongle or device with a 32GB microSD - scarcely larger 
than the hard bit of the USB connector, and certainly smaller than the cover 
to the cable connection.

Ignoring the possibilities of a screenscraper, or comms monitoring 
application there is still a lot of ways for data on a LAN/WAN, or server 
facility to be acquired in bulk.

And - as I posted a short while ago, I was working at a site where 
'security' level work was being done, with full physical access recording 
and control - but someone stole a server (maxi-tower PC sized) - via the 
scaffolding errected to allow the window maintenance contractors to do their 
work.
Well - the building owner had scheduled it as a 5 yearly extra safety & 
maintenance check on the annual cleaning/service, shame the tenant company 
management didn't consider it needed extra security to be paid for!

JimB

----- Original Message ----- 
From: "Jim Lawrence" <accessd at shaw.ca>
To: "'Access Developers discussion and problem solving'" 
<accessd at databaseadvisors.com>
Sent: Tuesday, March 12, 2013 6:52 PM
Subject: Re: [AccessD] Lock Down PC


> It seems that the application DeepFreeze is what the colleges and schools
> are using, all over...even here. Must be a good choice.
>
> Here is an TechRepublic article on how to manage BYOD computers which is
> what a computer can quickly become if left in the hands and control of
> users:
>
> http://www.techrepublic.com/blog/10things/10-ways-to-reduce-security-headach
> es-in-a-byod-world/3591?tag=nl.e101&s_cid=e101&ttag=e101
>
> Jim
>
> -----Original Message-----
> From: accessd-bounces at databaseadvisors.com
> [mailto:accessd-bounces at databaseadvisors.com] On Behalf Of Tina Norris
> Fields
> Sent: Tuesday, March 12, 2013 10:14 AM
> To: Access Developers discussion and problem solving
> Subject: Re: [AccessD] Lock Down PC
>
> DeepFreeze is what we use on campus at Northwestern Michigan College,
> too.  Nothing saved on a local computer will still be there after reboot.
> T
>
> Tina Norris Fields
> tinanfields-at-torchlake-dot-com
> 231-322-2787
>
> On 3/12/2013 9:44 AM, Jason Strickland wrote:
>> DeepFreeze will lock down PC so that all changes will revert upon reboot.
>> We use it at work on all of our labs and student laptops.
>> All,
>>
>>
>
> -- 
> AccessD mailing list
> AccessD at databaseadvisors.com
> http://databaseadvisors.com/mailman/listinfo/accessd
> Website: http://www.databaseadvisors.com
>
> -- 
> AccessD mailing list
> AccessD at databaseadvisors.com
> http://databaseadvisors.com/mailman/listinfo/accessd
> Website: http://www.databaseadvisors.com 



More information about the AccessD mailing list