Tip of the week: The other kind of Policy
--------------------------------------------------------
I had a lot of time to just "think" yesterday. I flew into Jacksonville, then drove to Gainesville. I almost got pulled over by the cops on 301, maybe 3 times.
(See this NY Times article about Rt. 301) http://query.nytimes.com/gst/fullpage.html?res=990CE5D6173FF933A0575AC0A963958260
It's kind of like the Dukes of Hazzard, where Rosco would flip a switch, and a sign that JUST SAID 65 MPH -flips- to 45 MPH. Ow. Anyway.. no tickets. I drive back tomorrow, so, cross your fingers.
So, what was I thinking about? I was thinking what the "ideal hygiene" of those users might look like. I think it might look something like this:
() Never have an unencrypted portable device: USB sticks, laptop hard drives, nothing. If it plugs into your network, it has to be encrypted. There are 3rd party tools which can hook into GP to perform this on your behalf.
() If you're going to use public (unencrypted) Wireless networks, at least use encrypted protocols. I use POP to grab my email (I don't happen to use Exchange.) But there's ENCRYPTED POP and encrypted SMTP. It took about 30 seconds for my provider to set this up for me. I poked around in the ADM template files for Office 2003 and didn't see a way to "guarantee" this to be on. But with PolicyPak, you could do it in a flash, and set Outlook's custom ports (like 8025) or however your provider does SSL.
() Use the corporate VPN to tunnel my traffic when feasible. Sometimes this isn't feasible; ports are blocked from airports and hotels for reasons I have yet to understand. So, ALWAYS using the VPN is out of the question. But most of my "important stuff" (banking, etc) happens over HTTPS anyway, so, I can feel relatively confident there.
() Prevent access to Ad-Hoc networks. At best, they're a road to nowhere. At worst, they're a way to compromise your machine. Group Policy positively CAN control this behavior, and you should prevent mobile users' ad-hoc access immediately.
So, some things you can manage with GP; for other items, you have to manually teach your users what to do. It's too bad we can't do it ALL with GP, and take the human element out of it. But then work wouldn't be as FUN, now would it?