Several on this list have been saying defense in depth for years. Hard outsides and soft insides only means hackers need to break one layer, and it does not protect from insiders doing more damage than the hackers would do. Personally, I would like to make all resources managed or monitored, including printers sitting on the desk next to the user. USB drives would be banned and entry to a machine would be by multi-part authentication including a card, biometrics, and long password. That said, try to get that in an education environment or a small business. It will not happen, and they are the ones that most likely need it the most. Both of those groups will have users from 0.1 to 2.5 working there.

Jon

On Fri, Feb 5, 2010 at 9:44 AM, David Lum <[email protected]> wrote:

> My guess is 1.9 :)
>
> My big takeaway:
>
> “*We have to start managing and protecting the data rather than concentrating all our efforts on the perimeter. The pentesters amongst you know that a large percentage of companies have a hard crunchy outside and a soft squishy centre. **If we manage and protect the data then what is used to access or manipulate the data becomes less important*.”
>
> Dave
>
> *From:* James Kerr [mailto:[email protected]]
> *Sent:* Friday, February 05, 2010 6:43 AM
> *To:* NT System Admin Issues
> *Subject:* Re: User 2.0
>
> Or maybe I'm just security 1.9?
>
> On 2/5/2010 9:26 AM, James Kerr wrote:
>
> On 2/5/2010 9:17 AM, David Lum wrote:
>
> Thoughts? Some of the comments are good.
>
> http://isc.sans.org/diary.html?storyid=8158
>
> *David Lum* // SYSTEMS ENGINEER
> NORTHWEST EVALUATION ASSOCIATION
> (Desk) 971.222.1025 // (Cell) 503.267.9764
>
> Seems like it was written by a User 2.0!
