making management aware of reality

From: jox (lizardjox@yahoo.com)
Date: 08/31/01


Message-Id: <5.1.0.14.0.20010831092728.00a91e10@mail-in.pandora.be>
Date: Fri, 31 Aug 2001 09:42:07 -0700
To: security-basics@securityfocus.com
From: jox <lizardjox@yahoo.com>
Subject: making management aware of reality

Hi all.
I would like to explain my work situation, and then I would like to hear
some ideas from you people on how to handle this.
I work for a high school where we have the following configurations:
6 win2kservers
55 student ntwks (mostly win2kprof)
85 pcs for administration and teachers (mostly winntwks, some win2k)
I have inherited this network and most of my job is doing on-site support.
We also have a variety of hardware.
Security is a big problem. On the server side I am working with an
administrator who does "his thing", which is not security. Service packs and
hotfixes are rarely done: "is there a service pack for windows 2000? Really?"
Our "security" is a proxy that never had a hotfix. User rights are badly
configured, administrator accounts are left unlocked, server HDs have 25 MB of
free space, no passwd policies, etc.
Today I also just kind of inherited a Novell network of 110 clients from
the same management, for administration and on-site support (not that I am
aware of any Novell, but, well, that's the proposed solution and I had a speed
lecture of one hour :-)).
I was computer illiterate 2 years ago. One year ago I had a six-month
education.
Besides that, we are merging with other high schools this year, which will not
help to improve our security nor that of those trusted networks.
How does one handle this? How to make management aware of the problems?
Any advice welcome.
jox

(if anyone is wondering, no, I did not send this mail from our badly
configured network, and no, this is not an invitation to hack us)


