On 4/30/23 00:25, Per Jessen wrote:
Dave Howorth wrote:
On Sat, 29 Apr 2023 21:02:13 +0200 Per Jessen <per@opensuse.org> wrote:
Lew Wolfgang wrote:
Of course, but on our network a Windows user could, through ignorance, configure her legitimately connect host to advertise a route to a second interface on her machine. I guess your corporate networking policy is very different to anything I have seen in over thirty years. My wife works for a bank - there is virtually nothing she can do to her laptop. It's a large research environment. I'm not sure if that explains the lax security policies :-) It does to a large extent, I think. The admins have a major problem. The scientists [in our case] can run pretty much whatever they decide
On 4/29/23 11:42, Per Jessen wrote: they need. I have probably spent enough time in R&D environments to know it can be done differently. I once spent two-three months at a lab outside Winchester. The first day I was put through the security training - strict clean desk policy, black and white bins (one was for daily shredding), secure lockers and drawers.
I think it is much more about awareness and security culture.
Having a good security culture is certainly important, the problem is in making the bad actors aware of your culture and that they better not annoy you. Regards, Lew