
1 - 20 of 20 Posts

·
Registered
Joined
·
2,704 Posts
Discussion Starter #1 (Edited)
My wife needs some help answering a question and it doesn't make sense to me. She has to write a paper based on the following situation. I don't see the sense in it but I was hoping someone who does this for a living might see something that I can't.
The Social System:

End-Users, Managers, and IT Professionals



You work for the CIO of your company as a strategic analyst. The CIO has just read the following article on ZDNet.
ZDNet AnchorDesk: Antivirus software must be free. Here's why
He thinks that the author asks a good question at the end of the article but is a little puzzled about the role that the author envisions for corporate customers. He wants you to write a brief report for him outlining whether you think that it would be useful for a company like yours to subsidize free distribution of anti-virus software to home users as the author proposes. In particular, he wants you to explain why there is a connection between the company's network and home users and how this might help your company's problems with viruses. He also wants you to consider whether there are other issues besides providing free software to home users that affect the network security of your firm and to be sure to put your discussion in the context of the roles of top management/non-IT management, IT professionals, and end-users play in maintaining network security.
You have recently read the following article that has set you to thinking about different perceptions of network security problems between IT professionals, end-users, and managers. (You can find much more material on IT professionals, end-users, and managers in the Background Materials for Module 3. You may also find the material on "socio-technical systems" in the Background Materials for Module 1 to be helpful.)
IT and End Users Differ on Spam Severity
Yes, the article is old but it's all she's been given to work with for this assignment. If any of you can provide some input, we'd appreciate it.

edit (for clarity):

This is for an MBA class paper. The biggest confusion lies in the use of "corporate customer" and "home user". If home user is defined as an employee accessing the network at home, the paper is easy to write. If corporate customer is simply a customer, then the question becomes: when would a simple corporate customer have enough access to a corporate network to introduce a virus to the network?

That's where we got stuck.
 

·
Registered
Joined
·
2,704 Posts
Discussion Starter #2
Sorry, abtech. Left you out of the known guru list. I'd appreciate any info you could provide too. :thumb:
 

·
Registered
Joined
·
1,193 Posts
DOD holds antivirus license to provide for all military and civilians home systems.

All you need is that one person who has to bring something from their home system........
 

·
Registered
Joined
·
2,704 Posts
Discussion Starter #4
> DOD holds antivirus license to provide for all military and civilians home systems.
>
> All you need is that one person who has to bring something from their home system........

We talked about this at lunch today. I have to edit my original post to clarify, it's for an MBA class.
 

·
Registered
Joined
·
10,531 Posts
What Johnny is getting at is that the users of the corporate network (employees) also have computers at home, which may or may not be protected by antivirus software.
If that employee has an infected computer and has this wonderful picture of their perfect little niece (or whatever file), they copy it to a disk (usb drive, etc) and bring it into work, that file has the virus and can potentially infect the corporate network.
 

·
Registered
Joined
·
16,568 Posts
Your network is only as secure as the weakest link. All you need is one user that has '123' as their password, or one that doesn't lock their desktop when they walk away/go home for the night. Having your users do work from home is a double-edged sword for the exact reason Johnny Diablo stated. You can't control what they have on their home computer. You can give them free antivirus and whatever else but that doesn't mean they know how to install it or that they're willing to do so. If you're gonna have people work from home the best way to control what they have at home is to give them a computer with a site-to-site VPN connection that is an extension of the company's network so that the same (or even stricter) policies apply to the home computer as the office computers.

You can also forbid people to do any work from home so they can't bring/email documents back and forth and expose them.

Just my humble :twocents:
 

·
Registered
Joined
·
2,704 Posts
Discussion Starter #7
> Your network is only as secure as the weakest link. All you need is one user that has '123' as their password, or one that doesn't lock their desktop when they walk away/go home for the night. Having your users do work from home is a double-edged sword for the exact reason Johnny Diablo stated. You can't control what they have on their home computer. You can give them free antivirus and whatever else but that doesn't mean they know how to install it or that they're willing to do so. If you're gonna have people work from home the best way to control what they have at home is to give them a computer with a site-to-site VPN connection that is an extension of the company's network so that the same (or even stricter) policies apply to the home computer as the office computers.
>
> You can also forbid people to do any work from home so they can't bring/email documents back and forth and expose them.
>
> Just my humble :twocents:

So everyone is defining corporate customer in the sense that it's employees either working from home or transferring data between home and work. In that sense, the question is not only simple, it's pre-school. It's the answer I know.

The issue we had with answering was the switch from "home user" to "corporate customer". We both saw the two phrases as two different entities. That's where we were confused. If a CIO or network admin sees corporate customer as an employee, then there's no issue with the question.

Thanks for all the info so far.
 

·
Registered
Joined
·
1,549 Posts
This is a multi-level problem. Yes, home users are usually retarded when it comes to IT security. Just offering them free antivirus is not going to fix that.

However, providing licenses to users is a huge step in the right direction, if people are doing work at home and bringing data back in. Johnny already mentioned that DoD provides free Antivirus licenses to any user that has a computer at home. Many large corporations do this as well. If you are a large company, you have a lot of pull with these vendors. Have Symantec come in, tell them that you want to include free licenses for your employees at home, or you are going to switch to a different vendor. They would rather give away a small amount of revenue than lose that huge corporate account and the yearly maintenance fees that go along with it.

Another alternative is to employ nazi-strict network access control, with policy-based network authorization. This ensures that every machine plugged in to your network has anti-virus with the latest signatures, and whatever patches you deem required. This would ensure that all end user machines at your company have anti-virus software installed, that would scan all of the infected files your users bring in from home. However, that will cost much more than just giving your users free anti-virus. It does, however, provide a much stronger form of integrated security.

OK... long rant is over. If you have any specific questions, just ask.
 

·
Registered
Joined
·
16,568 Posts
Ok, I see you've added some info. I think we're pretty clear on the "home user" part. If the "corporate customer" is in fact a customer (contractor, whatever) you make them sign a usage policy just like you do with your home users and make them go along with your standards. In other words, "this is what we have in place, therefore if you do any work for us you have to go along with these guidelines otherwise we'll give the contract to the guy standing in line behind you." Does that make more sense?
 

·
Registered
Joined
·
14,224 Posts
They can be separate entities. A reason to provide s/w to non-employees is to attempt reduction of network noise. In theory if it was free more people would have it installed. This may result in the reduction of zombies and spammers which might increase your throughput.
 

·
Registered
Joined
·
1,549 Posts
If the issue is worrying about what corporate partners are swapping over interconnected networks, firewall the hell out of that connection, and scan everything that comes across. Sign an agreement with that company making them liable for viruses or other malware that originates from their system.

It is not your responsibility to provide s/w to other companies' employees.
 

·
Registered
Joined
·
2,704 Posts
Discussion Starter #12
Sweet, thanks all. We were on the same track with the employee access and the brainstorming you guys helped foster helped clear up some other aspects.

I sent Mrs Seamus the link and she's reading these too. I have to head home and get ready for my welding class. That's more my speed. Manual labor with a mathematical flair.

Oh, and you all got repped. Respek.
 

·
Registered
Joined
·
2,704 Posts
Discussion Starter #13
> If the issue is worrying about what corporate partners are swapping over interconnected networks, firewall the hell out of that connection, and scan everything that comes across. Sign an agreement with that company making them liable for viruses or other malware that originates from their system.
>
> It is not your responsibility to provide s/w to other companies' employees.

After the brainstorming this thread helped push along, I (we) think the idea of the first article is that free functional AV software in the hands of all endusers (even non employees) will help corporations reduce the amount of virii that affect them.

The second part of the question is whether AV software in and of itself will help which we all agree is not the case. Up until the DOD million character password policy, even I was using passwords I could remember and not necessarily ones that were effective. Training and enforcement of "network-nazi" policies, firewalls and limiting internet connectivity to sites deemed work-while is the other part.

Sounds a lot like ndd's post but, it's not what you know it's who you know that you can steal it from. :thumb:

Thanks again,

goin' weldin' now
 

·
Registered
Joined
·
1,193 Posts
> Another alternative is to employ nazi-strict network access control, with policy-based network authorization. This ensures that every machine plugged in to your network has anti-virus with the latest signatures, and whatever patches you deem required. This would ensure that all end user machines at your company have anti-virus software installed, that would scan all of the infected files your users bring in from home. However, that will cost much more than just giving your users free anti-virus. It does, however, provide a much stronger form of integrated security.
>
> OK... long rant is over. If you have any specific questions, just ask.

NDD is talking about endpoint security. Integrity endpoint checkpoint and Symantec offer programs with these types of control. It's basically a client that installs on the VPN client computer. The VPN at the corporate end allows access based on your system being patched and virus definitions up to date.

An alternative to all this would be a Citrix client but then you are vulnerable to keyloggers if someone is stupid enough to "citrix in" from a coffee shop kiosk or other public machine.
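
Added example, not part of any post in this thread and not any vendor's code: a minimal sketch of the posture check described above, where the corporate end admits a VPN client only if its antivirus is running, its signatures are recent and the required patches are present. The report fields, the 7-day threshold and the patch identifiers are assumptions made for illustration.

```python
from datetime import date

# Hypothetical policy values, chosen for illustration only.
MAX_SIGNATURE_AGE_DAYS = 7
REQUIRED_PATCHES = {"PATCH-A", "PATCH-B"}  # placeholder patch identifiers


def evaluate_posture(report, today):
    """Return (decision, reasons) for one endpoint's self-reported posture.

    decision is "allow" or "quarantine". Anything missing or malformed
    counts as a failure, so an endpoint that reports nothing is never allowed.
    """
    reasons = []

    if report.get("av_running") is not True:
        reasons.append("antivirus not running")

    sig_date = report.get("av_signature_date")
    if not isinstance(sig_date, date):
        reasons.append("signature date missing")
    else:
        age = (today - sig_date).days
        if age < 0:
            # A date ahead of the gateway's clock is not trusted.
            reasons.append("signature date in the future")
        elif age > MAX_SIGNATURE_AGE_DAYS:
            reasons.append(f"signatures {age} days old")

    patches = report.get("patches")
    if not isinstance(patches, (list, set, tuple)):
        reasons.append("patch list missing")
    else:
        missing = sorted(REQUIRED_PATCHES - set(patches))
        if missing:
            reasons.append("missing patches: " + ", ".join(missing))

    return ("allow" if not reasons else "quarantine"), reasons


# Constructed sample reports (not real endpoint data).
TODAY = date(2024, 3, 15)
SAMPLES = {
    "office-pc": {"av_running": True, "av_signature_date": date(2024, 3, 14),
                  "patches": ["PATCH-A", "PATCH-B", "PATCH-C"]},
    "home-pc": {"av_running": True, "av_signature_date": date(2024, 1, 2),
                "patches": ["PATCH-A"]},
    "kiosk": {},
}

if __name__ == "__main__":
    for name, report in SAMPLES.items():
        print(name, *evaluate_posture(report, TODAY))
```

The report here is whatever the endpoint says about itself, so a check like this only catches unpatched or unprotected machines that answer honestly; scanning at the gateway is still needed for a machine that is already compromised.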
 

·
Registered
Joined
·
8,271 Posts
No one has yet to mention remote access to encrypted secure terminal servers which, in its usual form, doesn't provide a link from the home user's system to the corporate system that could introduce a virus from the remote system to the host. We shut down all file transfer avenues other than remote printing and so far it hasn't been a problem with some 3500+ users at 6 different sites.

All of these clients have zero tolerance policies for outside media being introduced into the system including client/vendor notebooks. They have firewalled "guest" routers that connect to the web without touching the internal net and isolated scan stations for users that must bring in authorized foreign media.

Again, this is very workable and we have yet to see a problem.
 

·
Registered
Joined
·
1,193 Posts
What is confusing about the assignment is:

You are a strategic analyst - from this I am wondering... is this strategic analyst working at say ??? symantec?

How does subsidizing free AV benefit the firm? Who is the firm? What do we do? "Free AV with every crispy creme"? or Free AV with every copy of OS-X? This can make a big difference.

Lastly... If you were symantec and going with this guy's wish of making it all free... how do you pay your wages and bills? - subscriptions? pay per update?

Yeh, it's not a straightforward assignment from what is presented here.
 

·
Registered
Joined
·
2,704 Posts
Discussion Starter #20
JDiablo, these are all questions I asked my wife when she first asked me for help with this assignment. I didn't use Crispy Creme though, I was selling motorcycle tires :D The question when posed without the articles was fairly easy to answer, the articles threw me for such a loop since they didn't seem to relate to the question being asked and they created my initial confusion between "corporate customer" and "home user".

This, unfortunately, isn't the first time her assignments have confused us with unrelated articles. It's actually quite disappointing.

...oh nevermind I didn't make the list anyways :p
Your new green outfit and lettering keeps throwing me off. Give me some time to remember that you're not wearing red anymore. :D


The good thing is you all helped us to look at the problem slightly differently than we started and it allowed us to come up with the basis for her paper. We came up with the answer to both questions:

1. ...explain why there is a connection between the company's network and home users and how this might help your company's problems with viruses.

2. ...consider whether there are other issues besides providing free software to home users that affect the network security of your firm and to be sure to put your discussion in the context of the roles of top management/non-IT management, IT professionals, and end-users play in maintaining network security.


Basically, the information you guys provided and the direction that some of the info indirectly pointed us in helped define the paper. Thanks again to everyone who helped out. It's much appreciated. :thumb::thumb::thumb:

edit: Apparently, I've given out too much rep in the last 24 hours. If I didn't get you today, you'll get it tomorrow. You'd think this moderator thing would give me more power. :rolleyes:
 