RE: How to block users from installing other apps

Anthony and Everyone...

Is anyone willing to share their "Security Policy" or share some links on the internet that aided in its setup?

We have to pay close attention to HIPAA (http://www.hipaa.org)

Thanks!!
~Todd

-----Original Message-----
From: Anthony Kim
To: Jane Han
Cc: focus-ms@securityfocus.com
Sent: 7/3/2003 2:25 PM
Subject: Re: How to block users from installing other apps

On Thu, Jul 03, 2003, Jane Han wrote:

> Thanks for all help.

Jane,

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Explain the benefit to Help Desk this would mean: you'd have a standard system with standard applications. Troubleshooting will be easier, more efficient. Ticket resolution times would benefit dramatically, making the Help Desk department look real good.

Explain the risk of damage caused by unauthorized programs. Crashes, broken applications, conflicting libraries. Which means not only loss of user productivity, but also more work for support staff.

Explain the risk of damage caused by the curious and well-intentioned. Tinkering has caused more downtime than all the software bugs in the history of mankind.

Explain the business risk of copyright violations and software piracy. Are you ready for a software audit?

Consider the risks of malicious programs, trojans, keystroke loggers, rootkits.

Consider the privacy risks of spyware.

Consider the forensic difficulties if users can arbitrarily compromise the security logs.

Consider viruses and the increased threats they pose having administrator privileges.

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Consider how much easier it is to exploit local administrator accounts to become domain administrators. This doesn't even have to be a technical achievement. You could easily convince a domain administrator to log in to your machine and run arbitrary programs and batch files.

Bring your security policy with you.

Have management backing you up each step of the way.

Basically, there are a million reasons why users should not have administrator privileges. There are few if any reasons why they should.

Hope this helps and good luck,

Anthony