Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
The Security Perimeter Is Dead; Long Live the New Endpoint Perimeter
Newest First  |  Oldest First  |  Threaded View
RitaJJohnson
50%
50%
RitaJJohnson,
User Rank: Apprentice
1/21/2019 | 11:46:46 AM
Re: Good Idea
Exectly
uversaprod9
50%
50%
uversaprod9,
User Rank: Strategist
1/21/2019 | 12:58:54 AM
Paw-ke Mon Go!
"Now, we come here to play Paw-ke Mon Go!"
jbeukelman
50%
50%
jbeukelman,
User Rank: Apprentice
1/20/2019 | 4:29:55 PM
Re: Good Idea
Articles like this just make me laugh. 

I've been consulting for 20 years and I still have yet to see a single organization allow BYOD devices on the corporate network.  If I ever see that, I will point it out as a huge security hole.  BYOD isn't common because the company can't transfer liability to the owner of that device.  If some end user puts corporate data on their personal laptop, which is then stolen, it's the company not the user that is liable.  Therefore, no BYOD. 

This author also said something about contractors putting BYOD devices on the corporate network.  This is also stupid and is not something that ever happens, and for the same reasons I described above.  In my experience, contractors are barely allowed to use the guest WiFi. 

The security perimeter is expanding, not disolving.  BYOD is not a threat if you don't allow them on the network.  Security comes before popularity. 

If you can't control it, don't allow it. 
HenryHSE1
50%
50%
HenryHSE1,
User Rank: Author
1/18/2019 | 3:50:09 AM
No more one size fits all
Organizations need to be realistic that they will have different endpoints with different levels of security. That's fine provided that they're conscious of it - and that they restrict what their less secure endpoints can do (ie don't allow insecure endpoints to talk to your most sensitive systems!)
REISEN1955
100%
0%
REISEN1955,
User Rank: Ninja
1/17/2019 | 3:11:35 PM
Good Idea
No bring your own devices.  At work you use a CORPORATE ASSET or not at all.  THAT is a good rule.  Eliminates alot of troubles.  Corp has rules for usage of assets, but bringing your own in voids all of that in a flash. SO DON'T BE STUPID about it.  Work is work and that is that.  No outside anything except IF you have a defended guest network maybe and even then test the hell out of it.  Segment that off your corp in-office network.  Tools exist for that.  But NOTHING OUTSIDE ever comes in the door.  Simple and effective. 


COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/14/2020
Lock-Pickers Face an Uncertain Future Online
Seth Rosenblatt, Contributing Writer,  8/10/2020
Hacking It as a CISO: Advice for Security Leadership
Kelly Sheridan, Staff Editor, Dark Reading,  8/10/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 New Cybersecurity Vulnerabilities That Could Put Your Enterprise at Risk
In this Dark Reading Tech Digest, we look at the ways security researchers and ethical hackers find critical vulnerabilities and offer insights into how you can fix them before attackers can exploit them.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7700
PUBLISHED: 2020-08-14
All versions of phpjs are vulnerable to Prototype Pollution via parse_str.
CVE-2020-7701
PUBLISHED: 2020-08-14
madlib-object-utils before 0.1.7 is vulnerable to Prototype Pollution via setValue.
CVE-2020-9228
PUBLISHED: 2020-08-14
FusionCompute 8.0.0 has an information disclosure vulnerability. Due to the properly protection of certain information, attackers may exploit this vulnerability to obtain certain information.
CVE-2020-9229
PUBLISHED: 2020-08-14
FusionCompute 8.0.0 has an information disclosure vulnerability. Due to the properly protection of certain information, attackers may exploit this vulnerability to obtain certain information.
CVE-2019-19643
PUBLISHED: 2020-08-14
ise smart connect KNX Vaillant 1.2.839 contain a Denial of Service.