Audit Those PCs

Are file-sharing programs a security matter? Today, the Associated Press reports “Confidential Data From Japanese Nuclear Plants Leaks Onto Net”. The culprit was a virus-infected PC “loaded with file-swapping software.” It included “photos of power generation facilities and workers’ medical files–data that should not have been loaded onto a personal computer…”

No duh, as they say.

Have a policy about what is on your PCs, know what is on them, and deal with infractions.

Axel Eble blogged the following (at balrog.de/security/archives/2005/06/24/99_re-audit-those-pcs):
While I agree with what he says about having policies and dealing with infractions current viruses and worms bring their own file sharing software. It’s not even necessary to have something pre-installed.
True, of course. I dashed the original off before leaving the office. I neglected to add, that this is yet another example of where egress filtering in the firewall might have helped. Also, perhaps some of the things we discussed in January 2005 in Malware—the threat is real would help.

No comments: