Ah, but Ken, you've done a risk assessment. :)

Without one, there is no way to know what your status is, and what steps
should be taken (or avoided) to make it better.

This is just as true for consumers as for corporations, and often just as
ignored.


ASB
http://XeeMe.com/AndrewBaker
Providing Virtual CIO Services (IT Operations & Information Security) for the SMB market…

On Wed, Apr 17, 2013 at 7:29 PM, Ken Schaefer <[email protected]> wrote:

> -----Original Message-----
> From: Kurt Buff [mailto:[email protected]]
> Sent: Thursday, 18 April 2013 6:08 AM
> To: NT System Admin Issues
> Subject: Re: On the subject of security...
>
> > If that's the case, then he didn't make his point at all clear.
> ...
> > True again - and again unremarkable. My point is that you have to use
> > the same methods to protect unprivileged accounts as you do
> > root/administrator.
> > ...
> > That's the import of my remarks about screensavers, FDE, not caching
> > passwords for web sites in browsers, etc. - it's all about protecting
> > the data; that which resides on the machine, and that which resides on
> > teh intarwebs.
>
> If anyone's being unclear here, I think it's you.
>
> My reading of your comments is that a lot of your suggestions are geared
> towards preventing access to the system.
>
> All your suggestions about encrypting disks, having screen savers etc. are
> overkill if all my data is burnt to CDs. I'm better off investing in a safe
> to house them. Additionally, if my only PC is the one sitting in my living
> room, then when someone has got access to that machine (by breaking into my
> house), then a lack of password protected screensaver, or the fact that the
> password to the machine is on the bottom of the keyboard, is probably the
> least of my problems.
>
> Security is about managing risk: identify what the threats are, and then
> mitigate, transfer, accept etc. Security is not a checklist of technologies
> and processes.
>
> > I protect all of my accounts, privileged or not, in the same ways, and
> > have been doing so for so long that it's completely natural to me. It
> > just feels unnatural not to do so.
> >
> > No running executables from untrusted sources, turn off scripting in
> > my browsers, view all email as plain text, no remembering/caching of
> > passwords in browsers, using a unique password per web site and per
> > other accounts, regular clearing of cookies, no linking of accounts
> > between web sites, running current AV, no browsing with elevated
> > accounts, laptops have full disk encryption, etc., etc., etc.
>
> Without an evaluation of risks, this would be a complete waste of time for
> most people IMHO.
>
> I run as an admin on my personal machine. I don't bother reading all mail
> in "plain text", and I don’t full disk encrypt all my machines, and I don't
> clear my cookies. I've got better things to do with my time, and if I focus
> on protecting my identity and data instead, I'm probably just as likely as
> you to be "safe".
>
> Cheers
> Ken
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to [email protected]
> with the body: unsubscribe ntsysadmin
>
