Ken,

There has been a lot of discussion about Web based mail on all the lists lately. In the long run, the problem is one of education. Your users have to understand the implications of what they are doing when they download files (or messages with attachments). And you need to provide them with the necessary tools to prevent problems such as "safe" systems where they can scan downloaded files for viruses. Smart users don't make dumb mistakes.

Second, you need to have a general policy that limits or prohibits the downloading and use of files from the Internet. The policy should impose a stiff penalty for violation. Combine this with full-time workstation-based anti-virus software that alerts the staff when someone gets a virus. Have a standard method for investigating the cause of the infection. Give people a break on the first couple of violations and fire them or cut off their access if they continue to cause problems.

Third. Implement a product that "sweeps" downloads for potentially dangerous content. This should provide you with a prudent and reasonable solution to the problem.

-- Bill Stackpole, CISSP

Disclaimer: My opinions are my own and do not necessarily reflect those of my employer.
 



"Butler, Ken" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]

05/01/01 07:25 AM

       
        To:        "Firewalls. Gnac. Net \(E-mail\)" <[EMAIL PROTECTED]>
        cc:        
        Subject:        Advisability  of Web Mail



I apologize for being OT, but I wasn't sure where to get feedback on this
one.

I'm in the process of updating our Internet acceptable use policy in
anticipation of the new FDIC privacy regulations.  I'm trying to decide what
to do about web based mail (Hotmail et al.).  Web based mail is a way for
viruses and Trojans to get in.  

I could:

Ignore it
Try to block it - (kinda like being a bilge pump on the Titanic).
Set a policy banning it.  It's never a good idea to set a policy that will be unpopular AND unenforceable.
Try to regulate it by policy.  Less unpopular, but still unenforceable.

What are other people doing?

                Ken Butler
                Liberty Bank


