1. “Assume you’re hacked”

    In one of the comments on my post on password ageing I promised another post on the pros and cons of managed desktops. That’s still being written, but in the meantime I came across Security Rule No. 1 - Assume you’re hacked, which contains this:

    The best way to prevent hacking is to lock down workstations and servers and to allow only pre-approved software to run on them. Most IT departments have no idea about what is and isn’t running on all the computers under their control. Use a software inventory or an application control program to learn what is running, review each active program, approve what is needed, and prevent the rest from running. If you can’t take this step, then it’s probably a losing battle.

    That’s the classical approach, and it certainly makes life easier.
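    The inventory-then-allowlist loop the quoted article describes (learn what is running, review it, approve what is needed, block the rest) can be sketched in a few dozen lines. The script below is an added example, not code from this post or from the linked article; it assumes hash-based allowlisting and uses a constructed inventory of two hosts, where a real deployment would pull this from an endpoint agent or an application-control product.

```python
"""Added example: reconciling a software inventory against an allowlist.

The inventory and the approved set are constructed for illustration only.
"""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Binary:
    host: str
    path: str
    sha256: str


def sha256_of(content: bytes) -> str:
    """Hash of a binary's contents (stand-in for hashing the real file)."""
    return hashlib.sha256(content).hexdigest()


# Constructed approved set: hashes of builds that have been reviewed.
APPROVED = {
    sha256_of(b"editor-v1"),
    sha256_of(b"mailer-v4"),
}

# Constructed inventory snapshot. Note that ws-02 runs a different build
# of the editor at the same path as the approved one on ws-01.
INVENTORY = [
    Binary("ws-01", r"C:\Program Files\Editor\editor.exe", sha256_of(b"editor-v1")),
    Binary("ws-01", r"C:\Users\alice\AppData\Local\Temp\setup.exe", sha256_of(b"unknown-installer")),
    Binary("ws-02", r"C:\Program Files\Mailer\mailer.exe", sha256_of(b"mailer-v4")),
    Binary("ws-02", r"C:\Program Files\Editor\editor.exe", sha256_of(b"editor-v2")),
]


def review(inventory, approved):
    """Split an inventory into allowed binaries and those pending review.

    Decisions are keyed on content hash rather than path, so an unapproved
    build dropped into an approved location still surfaces for review.
    """
    allowed = [b for b in inventory if b.sha256 in approved]
    pending = [b for b in inventory if b.sha256 not in approved]
    return allowed, pending


def approve(approved, binary):
    """Return a new approved set that also admits this binary's hash."""
    return approved | {binary.sha256}


def hosts_with_pending(pending):
    """Hosts that currently run something outside the approved set."""
    return sorted({b.host for b in pending})


if __name__ == "__main__":
    allowed, pending = review(INVENTORY, APPROVED)
    print(f"{len(allowed)} allowed, {len(pending)} pending review")
    for b in pending:
        print(f"REVIEW {b.host} {b.path} {b.sha256[:12]}")
```

Keying on hash rather than path is the point of the example: the second editor build on ws-02 is flagged even though its path matches an approved program, which is exactly the case a path-only inventory would miss.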

    The whole article is worth the read. As I said in my post on metrics, I don’t believe anyone who says they haven’t been hacked, but that can be a difficult thing to sell to senior management. Articles like this one (and the original article in Forbes) are all good stuff to have to hand in that discussion.
