Re: How to access I/O port directly in VC6.0?

As soon as you have standalone machines, the picture changes. But they also have to be
protected against sneakernet malware.

One thing I would NEVER rely on is someone saying "multinational company X uses our
product". What that means is that someone in the hundreds of thousands of employees
bought and used their product (in some cases, only bought), perhaps in a very restricted
context, perhaps even their research division. I know this because I have worked with
several multinationals, worked with the research division in one case, and know that what
one individual does would not represent corporate policy. And yes, not only are a lot of
IT managers naive, some of them are downright stupid. One multinational had, as their
corporate policy, that all NT machines would run the FAT file system "because it is more
secure". I kid you not, this was an actual policy IN WRITING. Of course, in the research
division we laughed our heads off about this, and everyone immediately did a "dconvert" to
convert to NTFS. Their "security" as far as servers was a joke; research ran its own
servers, which WERE secure, including VPN access, but the corporate servers in the same
room were not--they ran FAT file systems, of course, but the network security was a joke,
and no one could convince the IT types that they were wide open. I could tell many other
stories about how their secured routers weren't, their secured servers weren't, etc., but
here's a classic: When a coffeehouse down the street installed free Wi-Fi, it was
discovered the internal wireless network was completely unencrypted. This research
division was working on the next generation product, and not only was the wireless network
unencrypted, one of our research people got into the corporate servers using anonymous FTP
from his wife's laptop, sitting in the coffeehouse one evening, just to prove it could be
done! So yes, not only are they naive, they are in many cases so irresponsible that when
the security breaches finally occur, the only sane corporate response should be to fire
them immediately for malfeasance, misfeasance, and/or nonfeasance. Or just being stupid
and naive.

So I would never place any faith in the competence of many multinational IT managers! I've
seen at least three examples of total failure on their part.
joe

On Wed, 21 Nov 2007 10:42:28 +0100, Walter Eicher <walter.eicher@xxxxxxxxxxxxxxxxxxxxxx>
wrote:

Hi Joe,

On Tue, 20 Nov 2007 22:46:45 -0500, Joseph M. Newcomer
<newcomer@xxxxxxxxxxxx> wrote:

That's naively optimistic...if I were an IT manager, I'd have very serious reservations
about that being a complete solution. Hmm...stop to think of it, I *am* an IT manager (of
my site) and I wouldn't install a piece of software like this...

Maybe there is more security build in as we know. For me network
security does not matter, because our machines are and will not be
connected to a network.

Before I bought kithara I checked the customer references
http://www.kithara.de/en/firm.php?sub=refs
all companies and institutions on this list are all well known some of
them even worldwide.

You really want to tell me that all this companies have "naively
optimistic" IT managers ;-)

Best regards
Walter


Joseph M. Newcomer [MVP]
email: newcomer@xxxxxxxxxxxx
Web: http://www.flounder.com
MVP Tips: http://www.flounder.com/mvp_tips.htm
.

Relevant Pages

  • IT Security Administrator in Bend, OR
    ... workstations as well as physical security for I/T systems. ... manages network security software and hardware. ... Extensive experience with Windows 2000/2003 servers and Exchange ... Two years experience configuring, installing and implementing VMWare ...
    (comp.arch)
  • Re: Active Directory Setup Advice
    ... A domain is really an entity with a single security remit. ... seen as on the same network it will be like one big network. ... Under one domain all machines have to be unique in naming scheme. ... sub domains you can have same names under different domain. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Pen testing Fiber Channel
    ... If direct access to the network is available, ... Subject: Re: Pen testing Fiber Channel ... > server to another on a different higher security network. ... SAN servers are usually on isolated ...
    (Pen-Test)
  • RE: [fw-wiz] Security Audit and Priorities
    ... Learn your network. ... - Linux Security Cookbook ... Building Secure Servers with Linux ... It's one thing to be a firewall admin and write ...
    (Firewall-Wizards)
  • Re: Counter Strike blocker?
    ... I wouldn't try and disturb the traffic, just locate the machines and catch ... As to the kids installing the game, like I said in my previous post, all ... > of network computing basics, Windows networks, AD and so on, so they know ... > My first thought was to create an application that scans for CS servers. ...
    (microsoft.public.dotnet.languages.vb)