RE: Proxy server hit... Any ideas?

From: Alvin Oga (alvin.sec@Mail.Linux-Consulting.com)
Date: 11/22/02

  • Next message: Captain James T Kirk: "RE: Proxy server hit... Any ideas?" 
    Date: Fri, 22 Nov 2002 03:48:18 -0800 (PST)
From: Alvin Oga <alvin.sec@Mail.Linux-Consulting.com>
To: Mike Cain <mikec@lpinsurance.com>

    hi ya mike

    my it policies
            - no telnet, no ftp, no ppp, no pop3, no pptp, no vpn
            - no dhcp, no laptops from home, no wireless
            - definitely nothing from an insecure network at home...

            - i want to to know anytime anything connects and disconnects
            from the "supposedly secure" corp lan

    - than figure out who gets exceptions and why and how ... and reiterate
      that each exception to the policy has the possibility to erase the
      PCs and possibily disrupt or erase the entire corp lan by "click-happy"
      users
            - lots of fun stuf to do..

    Security Policy Stuff ( RFCs even )
            http://www.Linux-Sec.net/Policy/

    have fun
    alvin

    On Wed, 20 Nov 2002, Mike Cain wrote:

    > Yeah, the box came to me basically because the guy above me doesn't have
    > a clue about NT or about ANY security... Bad timing I guess or good
    > depending on how you look at it... I have just got back from meeting
    > with management to suggest some policies, now they want me to write an
    > IT policies handbook, guess I asked for that one huh? :)
    >
    > So where should I start looking for de-facto policies, and such? Or
    > should I just use my best judgment? I'm thinking the latter is a bad
    > idea because if one doesn't pan out, then they say, "Well... YOU wrote
    > them..." :)
    >
    > Again, thanks SO MUCH for all the responses. Groups like this make
    > learning the security scene A LOT less painful.
    >

    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management
    and tracking system please see: http://aris.securityfocus.com

    Relevant Pages

    • RE: [fw-wiz] PIX vs Checkpoint vs Sonicwall vs Netscreen - comme nts?
      ... All NetScreen appliances rely on custom-designed ASICs (Application ... Specific Integrated Circuits) for security policy enforcement. ... supports a finite number of "rules" or "policies". ...
      (Firewall-Wizards)
    • RE: [fw-wiz] PIX vs Checkpoint vs Sonicwall vs Netscreen - comme nts?
      ... All NetScreen appliances rely on custom-designed ASICs (Application ... Specific Integrated Circuits) for security policy enforcement. ... supports a finite number of "rules" or "policies". ...
      (Firewall-Wizards)
    • RE: Mass Distribution of Security Policies
      ... It could start with a Network usage agreement, (Advisory Policy) to all ... Mass Distribution of Security Policies ...
      (Security-Basics)
    • RE: Security Policy-Please help
      ... your Masters in Systems & Network Security, ... Before you begin writing policies, you deffinetly want to make sure you've ... SANS Security Policy Project at http://www.sans.org/resources/policies/. ... L0phtcrack is one of the better tools for testing password ...
      (Security-Basics)
    • Re: Least User Priviledges for Network Administrators
      ... It makes sense to have a chain of command and approval policy to keep things ... the computer use policies, software purchasing policies, security ... upper management--both within the Network Technology group, ... driving the process of tightening down security. ...
      (microsoft.public.windowsxp.security_admin)