RE: Oh Dear, Where to start?!

From: Des Ward (des.ward_at_ntlworld.com)
Date: 06/25/03

    To: <security-basics@securityfocus.com>
    Date: Wed, 25 Jun 2003 22:51:41 +0100
    
    

    First point Steve is that this is going to take a lot longer than three
    months to do. You have to change a culture and this is the biggest problem.

    OK, the first point is to set the wheels in motion to make a security policy
    that states that anyone breaching your security policy will be disciplined.
    This alone will take about a year to get finalised and get buy in once the
    internal politics have settled.

    Whilst this is going on you have to control the entry exit point from your
    network (ie a firewall). This alone is going to open up a huge debate
    between different factions resident in this list. Basically if you have to
    rely on what knowledge you have (Which you haven't stated, so that would be
    a help to assisting you).

    Once you have control of your network you have to sort out your internal
    network. Can you standardise your workstations at all? Can you implement
    user/group policies?

    You have to assume that your network has been compromised, which can be
    sorted by introducing a firewall. Then all your systems should really be
    rebuilt in this case after backing up all critical data.

    Sorry, the list will go on. As you are in a uni, then you will have
    crackers/hackers call them what you will there. Try and use them to help
    you. If they can help you and you can testify to this, then they will earn
    a lot of money in the security market afterwards (A very good selling
    point). Try and segment your networks further to prevent one breach from
    affecting all others by using VLANs.

    This is going to take patience and time as the song goes.

    Good luck

    Des

    -----Original Message-----
    From: Steve Frank [mailto:stevefrankrit@yahoo.com]
    Sent: 25 June 2003 12:56
    To: security-basics@securityfocus.com
    Subject: Oh Dear, Where to start?!

    Hey everyone,

    Ok... I am in a bit of a jam here and I was hoping to
    get some feedback from some of you with appropriate
    experience in the field of network security and policy
    development.

    I am a senior at RIT studying (essentially) systems
    administration. My main focus and priority has been
    computer security and policy development. I recently
    took an internship with a small government office
    helping out with computer administration tasks. Upon
    arrival, I decided it would be fun to do a windows
    update to see what sort of things would come up for my
    PC. Lo and behold, there were over 40 critical
    updates, driver updates, and recommended updates.

    Right off the bat this triggered the feeling that
    there was absolutely no security or update plans in
    place at this particular organization. I quickly
    addressed the issue, and have been working to draft a
    comprehensive security policy and implement technical
    controls.

    What I need advice on is the following: If you were
    introduced to a mixed network (literally all versions
    of windows since 3.1 and mac systems) that have no
    updates, backups, or patches installed... connected to
    a network with only a basic NAT table and no other
    security... with not even anti-virus software
    enabled... with no user policies or disaster plans in
    place... with unprotected netbios shares everywhere...
    where would you start the process of building some
    sort of security solution?

    I mean, I've seen passwords on monitors, shared
    accounts, open public ports (even the wiring cabinet
    was unlocked in plain view of passersby to the
    building). I've been tasked with creating the security
    policies relating to internet use, network and phone
    use, passwords, physical security, backup/disaster
    plans, antivirus, incident response, email
    use/protection, and whatever else needs done. This
    wouldn't be so bad normally I guess, but there is
    virtually no budget allocated to help for this project
    and I have approximately 3 months to do it. To make
    matters worse, I am also responsible for systems
    admin, network admin, tech support, programming, and
    whatever other tasks may need to be done in the
    meantime.

    So basically, if you had to start from nothing, where
    would you start first? What would you consider to be
    the most important things to be implemented? I am
    literally working from ground zero here... heh!

    Thanks so much in advance ;-)

    Steve Frank

    ----------------
    President SPARSA
    Security Practices and Research Student Association
    Rochester Institute of Technology
