Re: Defense plan

From: Chris Berry (compjma@hotmail.com)
Date: 09/18/02

• Previous message: Ansel, Kenny L. (Sytex Contractor): "BIG MAMA !!"
• Maybe in reply to: Chris Berry: "Defense plan"
• Next in thread: Andrew Rooke: "RE: Defense plan"
• Next in thread: NVujic@sn.com: "Re: Defense plan"
• Reply: Andrew Rooke: "RE: Defense plan"
• Reply: Kenneth W. Kubiak, Information Security Officer: "RE: Defense plan"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: "Chris Berry" <compjma@hotmail.com>
To: security-basics@securityfocus.com, oclug@oclug.org
Date: Wed, 18 Sep 2002 13:04:44 -0700

>That's quite a list of improvements. I am actually saving it as a
>reference.

I've done quite a bit of it already, but there is always room for
improvement. Would you believe that everyone had the same password when I
got here? Speaking of passwords, I forgot to add:

25) Require passwords meet complexity rules, and be changed on a regular
basis.

>What about physical server security, backups, backup tape storage and
>access? Don't know if these are even an issue, but I figured I'd drop >them
>in just in case.

I have considered physical security, but I forgot to add it to my list, good
point. I have a backup plan, and while I consider backups very important, I
didn't really think they were part of my security setup, other than as part
of the physical security issue, and virus scanning. So to sum up:

26) Ensure physical security prevents unauthorized access.

Oh, and I've been removing the cd-rom and disk drives from the workstations
to help prevent software installation. I guess that's:

27) Remove external input devices such as cd-roms and disk drives where
possible

Chris Berry
compjma@hotmail.com
Systems Administrator
JM Associates

"I have found the way, and the way is Perl."

_________________________________________________________________
Join the world’s largest e-mail service with MSN Hotmail.
http://www.hotmail.com

---

• Previous message: Ansel, Kenny L. (Sytex Contractor): "BIG MAMA !!"
• Maybe in reply to: Chris Berry: "Defense plan"
• Next in thread: Andrew Rooke: "RE: Defense plan"
• Next in thread: NVujic@sn.com: "Re: Defense plan"
• Reply: Andrew Rooke: "RE: Defense plan"
• Reply: Kenneth W. Kubiak, Information Security Officer: "RE: Defense plan"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages RE: Defense plan ... My mail scanning software fell over and klez ... Require passwords meet complexity rules, and be changed on a regular ... I have considered physical security, but I forgot to add it to my list, good ... I have a backup plan, and while I consider backups very important, I ... (Security-Basics) Re: Oh Dear, Where to start?! ... > sort of security solution? ... > use, passwords, physical security, backup/disaster ... > admin, network admin, tech support, programming, and ... Theres lots of software out there for backups. ... (Security-Basics) Re: Password hashes ... networks that get compromised that have better physical security than we do. ... I'm considering outsourcing to Verisign the task of monitoring our network ... negate the need for 'super-complex' passwords since we would be able to ... > computers you need to review the physical security of your computers. ... (microsoft.public.windowsxp.security_admin) Re: Recommendation for Password App ... database needs as well. ... I don't know about Mac backups, ... I am looking for an palm app to store passwords. ... (comp.sys.palmtops.pilot) Re: Thank God for backups! ... critical data. ... But thanks to my backups I didn't. ... But I was forgetting that I use the KDE wallet (ie. password ... manager) to store all my private data (I have a LOT of passwords). ... (Ubuntu)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(17)