I was wondering what you were replying to till I realized it was something I sent...but I don't remember sending it. Then I saw the sending time of 4.47am. I must have woken up, looked at the time on my phone and replied to an email as well. Strange I don't recall it!
On 17 April 2013 14:32, Ziots, Edward <[email protected]> wrote:

> Agreed, same solution I am using, does the same function and if there are any blocks, it's dealt with quickly before going live.
>
> Z
>
> Edward E. Ziots, CISSP, CISA, Security +, Network +
> Security Engineer
> Lifespan Organization
> [email protected]
> Work:401-444-9081
>
> From: [email protected] [mailto:[email protected]]
> Sent: Tuesday, April 16, 2013 11:47 PM
> To: NT System Admin Issues
> Subject: Re: Dropsmack Malware C&C via Dropbox
>
> The software I use has an "endpoint analysis" mode, kinda like a passive mode, that creates whitelists for you. Using this, you should be able to ensure everything works before going live.
> Add to this the alerting is very good so false positives get quickly dealt with.
>
> Sent from my Blackberry, which may be an antique but delivers email RELIABLY
> ------------------------------
>
> From: Ken Schaefer <[email protected]>
> Date: Wed, 17 Apr 2013 00:27:19 +0000
> To: NT System Admin Issues <[email protected]>
> ReplyTo: "NT System Admin Issues" <[email protected]>
> Subject: RE: Dropsmack Malware C&C via Dropbox
>
> What happens when the business relies a lot on Access DBs, Excel spreadsheets etc.?
>
> Do I have to whitelist every macro? Am I still at risk of data loss/corruption/exfiltration?
>
> Cheers
>
> Ken
>
> From: James Rankin [mailto:[email protected]]
> Sent: Wednesday, 17 April 2013 12:54 AM
> To: NT System Admin Issues
> Subject: Re: Dropsmack Malware C&C via Dropbox
>
> Whitelisting can be a lot of work, if you haven't got a flexible technology. There are various vendors in the space and some of them take a lot of the donkey-work out of it for you, whilst still maintaining (as far as I've seen) decent security. But I totally agree that it's still at the whim of the person with their fingers on the controls - if the admin allows a bad executable, then you're in trouble.
>
> That can only be mitigated by belt-and-braces approaches, really, relying on old-style reactive AV or IDS/IPS or whatever to catch the bad executable that's somehow bypassed your processes and controls.
>
> There is another load of tech springing up around MDM, MIM, MAM or whatever TLA you choose to describe it. It's another big set of challenges though. At the moment I am concentrating on extending the agents I have to MacOS devices rather than worrying about tablets and mobiles yet.
> I can avoid some of the pain at the moment by deploying Windows apps and desktops via Citrix to the mobile devices rather than letting users manipulate corporate data directly, but it's something I will no doubt get asked to get involved in sometime in the future :-)
>
> But it's all so fun keeping up with user trends, isn't it? Maybe if we try really hard to get on top of the possibilities right now we can approach BYOD from a security perspective rather than just getting bullied into making it happen too quickly and having to catch all the security issues while firefighting :-)
>
> Cheers,
>
> JR
>
> On 16 April 2013 15:36, Ziots, Edward <[email protected]> wrote:
>
> James,
>
> I agree on the application whitelisting front. But it's a lot of work and it's still based on trust. (If you trust something bad) then you have still let the determined attacker in the door, but the caveat is if you control the code execution on your endpoints, then you change the game into your favor.
>
> Other aspects to think of:
>
> Will application whitelisting work for mobile devices: (iPhone, Android, Tablets, all of which can act like storage devices in a way)?
>
> Questions to be answered:
>
> Which devices do you allow to be attached to your systems to transfer data? (Policies, procedures, enforcement with technical controls and auditing and followup with administrative controls for compliance? (Do we allow the Apple devices, but not the Android, or do we allow just Ironkey devices, and who should have them and what data should they be able to take (DLP/DRM etc etc)
>
> And we all should know by now that AV is next near worthless against current malware trends, so why do the compliance regulations still require this (PCI-DSS especially).
>
> Working on App whitelisting right now, it's been interesting and complex at the time, but at the end I feel it will be worth it.
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>
> ---
> To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to [email protected]
> with the body: unsubscribe ntsysadmin

--
James Rankin
Technical Consultant (ACA, CCA, MCTS)
http://appsensebigot.blogspot.co.uk
