The successful implementation of a security project depends on the standardization of all hardware. The main purpose of standardization is tosimplify administration, but it is also important in creating a secure platform. Where users have permission to start any program they wish, they also have theability circumvent the installed security functions. If non standard drivers are used in DOS and Windows, there is no guarantee that these do not contain "back doors" that can be activated by particular key combinations. The DOS version, network drivers, Windows version and permitted drivers should all be standardized to make best use of the defined security. Large companies should have standardization as a useful objective, as it can provide considerable savings in support costs. The process is made easier if computers and network cards of the same brand are purchased, with peripherals like CD-ROMs and tape units from the same manufacturer.
|
|
|
|
|
|
|
|