Trustworthy computing starts with me

http://www.incidents.org/diary.php?storyid=1720&isc=a3097ac5f650aec5a062e972a6ae4de5

SANS links to two vulnerability notices about "FolderShare" which is a sync folder tool free from Microsoft…and in full disclosure I use it here on this blog site to pull off the sql database to an offsite location.  But I disagree with one statement that the admin won't see this file sharing going on… every night when that folder syncs there's traffic on my network connection… I 'do' see the impact as it trickles the bits across… so I'd challenge network admins to be more proactive…. I can't rely on any vendor to make the risk decisions for me.  Just as I can't rely on any vendor to set the properly firewall policies I need to be secure.

Trustworthy computing starts with me and how I set up my network and watch what's going on and review firewall logs when needed.  Doesn't have to be every day but spot check them every now and then…add on reporting tools when you need them.

NISCC Vulnerability Advisory 693564/NISCC/FOLDERSHARE – Security Implications of the FolderShare Program:
http://www.uniras.gov.uk/niscc/docs/br-20060920-00635.html?lang=en

Best practices and security issues to consider when you use FolderShare:
http://support.microsoft.com/kb/925077

Comments are closed.

Post Navigation