Well sure it does.
In a business there should always be a risk/cost analysis. Part of that is assessing the risk.. and that includes odds incorporating any mitigating factors. -sc From: [email protected] [mailto:[email protected]] On Behalf Of Daniel Chenault Sent: Wednesday, July 31, 2013 11:25 AM To: [email protected] Subject: Re: [NTSysADM] man-in-the-middle attack 1. It doesn’t matter what the odds are. When it happens the odds go to 100% making all the previous discussion moot. 2. Chrome and Safari have alternatives so what is the key point here? To keep the network secure or cater to a small group of users who obstinately refuse to give up their browser of choice? Is it management’s intent to hold corporate network security hostage to this small group of users? From: David Lum <mailto:[email protected]> Sent: Wednesday, July 31, 2013 10:07 AM To: [email protected] Subject: [NTSysADM] man-in-the-middle attack I need to present management with the odds of this actually getting exploited, as I’d want to force TLS 1.2 for ADFS but that takes Chrome and more importantly Safari (iOS devices) out of the mix, so I suspect management might say “we want compatibility instead of protection from some obscure attack that is unlikely to happen. In short, what are the odds of a MITM attack actually happening between my remote employee and our ADFS server? David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764
