Re: Proxy server hit... Any ideas?

From: Etaoin Shrdlu (shrdlu@deaddrop.org)
Date: 11/22/02

    Date: Fri, 22 Nov 2002 07:07:18 -0800
    From: Etaoin Shrdlu <shrdlu@deaddrop.org>
    To: incidents@securityfocus.com
    
    

    Mike Cain wrote:
    >
    > Yeah, the box came to me basically because the guy above me doesn't have
    > a clue about NT or about ANY security... Bad timing I guess or good
    > depending on how you look at it... I have just got back from meeting
    > with management to suggest some policies, now they want me to write an
    > IT policies handbook, guess I asked for that one huh? :)
    >
    > So where should I start looking for de-facto policies, and such? Or
    > should I just use my best judgment? I'm thinking the latter is a bad
    > idea because if one doesn't pan out, then they say, "Well... YOU wrote
    > them..." :)
    >
    > Again, thanks SO MUCH for all the responses. Groups like this make
    > learning the security scene A LOT less painful.

    There is a small, but useful book that you can purchase for a nominal sum
    from the SAGE portion of USENIX. I truly recommend it.

    http://sageweb.sage.org/resources/publications/short_topics.html

    It is short topics #2, entitled "A Guide to Developing Computing Policy
    Documents." I also recommend (for this group) the short topics booklets on
    "#6: A System Administrator's Guide to Auditing," and "#3: System Security:
    A Management Perspective," which are also useful to anyone in the security
    industry, regardless of experience level.

    --
    Only the mediocre are always at their best.
                    Jean Giraudoux
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    

