On Thursday, May 05, 2005 2:21 PM, Paul Melson spake:

>PS - How come nobody's come back with, "The most secure option is to not use
>OWA at all and make people check their e-mail from the office like normal
>human beings." ?

Even more restrictive: "Why not just completely disconnect from the
Internet, send all computers to the shredder, and install DNA
authentication equipment to get in the front door?" Because we as
security professionals have to help our companies to balance the risks
with keeping the business open. My company has folks traveling the globe
doing work, sometimes sitting on other companies' networks for a few
days, and those companies may not allow VPN connectivity outbound, but do
allow HTTPS. These folks have no ability to "come into the office to
check their email."


>If you apply that option to the risk valuation I use
>above, you get a sum of 0. Clearly better than the rest.

May not be better than the rest if the physical security at said office
is less than adequate. We all need to remember to weigh all the risks,
not just the technology ones.

Jeff
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/li...rewall-wizards