Roberto is the network administrator for an international law firm with offices and customers in North America, South America, Africa, and the Middle East. The lawyers frequently contact each other via e-mail, use the Internet to research cases, and use listserve groups to discuss recent cases and developments in international law. Roberto wants to protect the company's network from malicious invasions, and limit the lawyers' access to the Internet and newsgroups. So he performs the following tasks: He ensures that firewalls are in place to prevent outsiders from accessing proprietary data on the law firm's private network and to prevent internal users from accessing specific Internet resources. He installs anti-virus software on all computers and prepares a maintenance schedule to periodically update the software with the most recent virus signature profiles. He assigns usernames and passwords that the lawyers must use to access the network. He configures Web browsers and e-mail clients to reject incoming file attachments that do not have digital signatures or digital certificates. He educates the lawyers on the steps they can take to prevent malware infection. He establishes encryption policies for sending sensitive information via e-mail.
What other ways can Roberto protect the law firm's network resources from outside attack? Which protective measures do you consider too restrictive? Why?