[Dshield] web access list

Guy Barnum GuyBarnum at Armscole.com
Tue Jun 29 18:53:23 GMT 2004


I'm reading the latest Computer World security roundup:
 http://www.computerworld.com/newsletter/0,4902,94125,00.html?nlid=SEC 

and towards the bottom you'll notice two MS vulnerabilities mentioned,
one without a patch.  With this text in the article "Microsoft hasn't
yet positively identified the flaw being exploited" and another huge
web-wide credit card hack mentioned in the same Computer World mailing I
have to wonder what you guys are doing to protect your surfers.

I know there is no secure computer other than the one boxed up in your
closet.  To keep the pc's out of the closet my current idea is to make a
list of authorized web sites that I'll allow users to visit.  When they
have a new site they need access to they can email the IT Dept. to have
it authorized and added to the list.  Overhead danger right?  Well we're
a small shop and I can get away with it but even with a bigger
organization what's going to cost more, allowing people to surf
unfettered trashing their pc and eventually the network?  Or put man
hours into filtering and authorizing a web access list?

IMHO firewalls and AV wares are going to continue falling further behind
(drastically) in their ability to detect or stop internet born threats.
Users might think its draconian, choking off their web usage, but if
your IT Dept. has the pull to make it happen it seems like the best
compromise to putting the pc's back in the boxes that I can think of.

Does anyone on this list currently make an authorized surfing list like
this?  Any problems or suggestions with this kind of plan?  What are
your thoughts?

Guy



More information about the list mailing list