On Mon, Feb 25, 2008 at 6:24 PM, Ajay Kulsh <[EMAIL PROTECTED]> wrote:
> Management of this company thinks that turning on file and print sharing on
> workstations is a security vulnerability.

Sure it is. Having computers is a vulnerability. "There is no such thing as security -- only managed risk."

> In my opinion, this hampers remote control of workstations like in Computer
> Management ...

It does that, too.

> and does not provide any significant security advantage.

Depends on the environment, both technical and threat-wise.

Where I work, the master copy of all data is kept on servers. The only data you might find on a workstation are local copies of roaming profiles. So everything is already "on the network". We've also got what I like to think are fairly tight restrictions on our network -- restrictive firewalls, users don't have admin rights on their PCs, no user-provided equipment connected to the network. So there's little to be gained in trying to block remote access to the stations, and quite a bit to lose in terms of automated/remote management.

If you've got unique data on the workstation (i.e., doesn't exist anywhere else), and a permissive network attachment policy, and users have free rein on their own PCs, configuring the workstation such that remote access to the station is disabled would arguably better protect that unique data.

You have to analyze your assets, the threats, the exposure of your assets, counter-measures you can take, and the cost/benefit of those counter-measures. There's no one answer. "Security is a process, not a product".

-- Ben
