Corporate Fantasyland

By Roger on June 1, 2008 5:52 PM | | Comments (0) | TrackBacks (0)

Twice today I read "enterprises do this" statements that made me laugh.

Over at SANS the handler wrote "Corporates typically block outbound FTP" while describing Yahoo phishing that had FTP downloaded malware.

Later I was reading the latest AV-Comparatives report. In the discussion of numerous Sophos false positives, the author says Sophos is used in corporate environments where "new software is rarely installed."

I've been looking for reliable statistics about what percentage of companies currently allow a significant percentage of employees to have local administrator rights. When I see statements like the above I wonder if our policies which were once one of the more restrictive are now comparitively lax. Or is it that the authors are merely stating what they wish were true.

Categories

Policy

0 TrackBacks

Listed below are links to blogs that reference this entry: Corporate Fantasyland.

TrackBack URL for this entry: http://www.infosecblog.org/mt-tb20071121.pl/735

Leave a comment

Powered by Ajax Comments

About this Entry

This page contains a single entry by Roger published on June 1, 2008 5:52 PM.

Implementing Verisign PKI was the previous entry in this blog.

Flash still not patched is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.

Subscribe to feed Subscribe to this blog's feed
Add to Google
Please contact me by leaving a comment where appropriate. Otherwise, you can click here to reveal an email address for me.
Got Backups? Get Safe Online Remember Rick Rescorla Powered by Movable Type 4.2-en

Search