January 17, 2005

Browsing the Web and Reading E-mail Safely using Software Restriction Policies

Michael Howard has released an interesting article on using "Software Restriction Policies" to browse the web and read email safely as an Administrator. I wouldn't recommend this, as I am a serious believer in using least privilege and using runas to elevate privileges as needed (hey, even Michael admits and recommends that). However, if you have to, this is an interesting approach that uses Group Policy objects to apply limited rights to an application you do not wish to implicitly trust.

Anyways, good read. Enjoy!

Posted by SilverStr at January 17, 2005 04:44 PM
Comments

Hi,

There is a simple rule of thumb with security.

There either is a form of security in place or there isn't.

The semantics of which is better is always up for debate but, really, if the methodology is sound then the argument is moot.

If security was put in place, then it should have been done by someone “qualified”, right?
Therefore, questioning their ability should not be from the IT Dept. standpoint but that of a human resources one. Apply that ideology to any environment where IT Dept. may be eldest son and HR is mom and dad??
Next, the decision for “good” security has to be based on software / environment that has a good reputation for security and a strong track record. Wishy washy promises based on past wishy washy promises by software vendors should force the IS personnel to take heed and research for better alternatives.

Most people buy software because it is eye candy, cheap, expensive, a friend or relative uses it, and any number of reasons OTHER THAN security; therefore they don’t know better. What you talk about here is for that demographic set.

Everyone else should know better and if they don’t then they need to be hit with the ugly geek stick until such time as they do understand. Shame on them.. *grin*

nyk


Posted by: ginetta at January 22, 2005 02:22 PM