Free Republic
Browse · Search
General/Chat
Topics · Post Article

To: PreciousLiberty
USB drives are far more ubiquitous than Macs. Also, the vast majority of positions at almost all companies requires no access to such information.

Active Directory Group Policy can disable the use of USB drives on domain-joined Windows computers, and prevent network access by non-domain joined computers. Macs cannot be joined to an Active Directory network, or be controlled by AD Group Policy.

As far as whether a "position" requires access to the information, once non-secured computers are allowed onto the network then you're faced with trying to control who can and cannot use those computers.

If you have that kind of information on your network, there is no rationializing allowing employees to access that data from a non-corporate computer as being anything but very bad practice.

20 posted on 11/03/2011 6:57:19 AM PDT by tacticalogic
[ Post Reply | Private Reply | To 19 | View Replies ]


To: tacticalogic

“Active Directory Group Policy can disable the use of USB drives on domain-joined Windows computers, and prevent network access by non-domain joined computers. Macs cannot be joined to an Active Directory network, or be controlled by AD Group Policy.”

Sure, and then (as usual) the question becomes: “How much do I want to restrict my users productivity in the name of security?”

So now you’ve locked down USB drives, have you also locked down email? Access to SSL enabled websites? Disabled writing optical media? Perhaps you should just get rid of those pesky computers altogether.

“As far as whether a “position” requires access to the information, once non-secured computers are allowed onto the network then you’re faced with trying to control who can and cannot use those computers.”

You’re referring to the “network” as a monolithic entity, which it is not. There are devices called “routers” that can efficiently and extremely securely control which devices have access to given network resources. Making sure “employee owned computers” can’t access sensitive information is trivial.

“If you have that kind of information on your network, there is no rationializing allowing employees to access that data from a non-corporate computer as being anything but very bad practice.”

Nor have I said anything that disagrees with that stance. Company provided Macs (perhaps running Windows in a VM) are a different issue.


21 posted on 11/03/2011 7:43:04 AM PDT by PreciousLiberty (Cain '12 - Take Back America!!!)
[ Post Reply | Private Reply | To 20 | View Replies ]

Free Republic
Browse · Search
General/Chat
Topics · Post Article


FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson