Re: Oh Dear, Where to start?!

From: Jason K. Boykin (jboykin_at_summit-research-corp.com)
Date: 06/25/03

    To: Steve Frank <stevefrankrit@yahoo.com>
    Date: Wed, 25 Jun 2003 12:49:51 -0500

    On Wednesday 25 June 2003 06:55 am, Steve Frank wrote:
    -------------snip--------------------
    > What I need advice on is the following: If you were
    > introduced to a mixed network (literally all versions
    > of windows since 3.1 and mac systems) that have no
    > updates, backups, or patches installed... connected to
    > a network with only a basic NAT table and no other
    > security... with not even anti-virus software
    > enabled... with no user policies or disaster plans in
    > place... with unprotected netbios shares everywhere...
    > where would you start the process of building some
    > sort of security solution?
    >
    > I mean, I've seen passwords on monitors, shared
    > accounts, open public ports (even the wiring cabinet
    > was unlocked in plain view of passbys to the
    > building). I've been tasked with creating the security
    > policies relating to internet use, network and phone
    > use, passwords, physical security, backup/disaster
    > plans, antivirus, incident response, email
    > use/protection, and whatever else needs done. This
    > wouldn't be so bad normally I guess, but there is
    > virtually no budget allocated to help for this project
    > and I have approximately 3 months to do it. To make
    > matters worse, I am also responsible for systems
    > admin, network admin, tech support, programming, and
    > whatever other tasks may need to be done in the
    > meantime.
    >
    > So basically, if you had to start from nothing, where
    > would you start first? What would you consider to be
    > the most important things to be implemented? I am
    > literally working from ground zero here... heh!
    >
    > Thanks so much in advance ;-)
    >
    > Steve Frank

    I think the first step would be to get your policy on paper and mail that out
    in a way everyone can understand. Explain why they need to follow these
    rules. This policy should include good password practices: do not share
    passwords, do not share your drives without permission, do not open e-mail
    attachments unless you are expecting them from someone you know, etc. Mostly
    stuff that would be common sense for a net admin that users don't think about.
    The Art of Deception by Kevin Mitnick is a pretty good book about all this.
    On top of social engineering it covers a lot of common technical security.

    Have everyone change their passwords.

    Next step would be to get rid of all the unneeded shares and set up groups who
    can access needed shares.

    Get a firewall up and maybe put Snort or another IDS behind the firewall.

    At some point you need to get all those machines patched.

    There's lots of software out there for backups. Windows XP has one, I think
    it's just called Backup or something like that. If you want to go the Linux
    direction check out Amanda. If you don't have a whole lot of Linux experience
    that might take more time than it's worth.

    It would prolly help the anti-virus situation to scan incoming mail on the
    server before the users get to it. Find a free online virus scanner and send
    out e-mails to everyone every few weeks asking them to scan their machines, or
    since you're an admin you could do it remotely for them while they are out.
    Your firewall should help keep a lot of the bad packets out from the net.

    Sounds like you have a very large task to fulfill in 3 months' time. I just
    think that if you get everything on paper and spend a few days researching,
    then tackling it should go fairly smoothly. Hope this helps you.

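The reply above suggests getting rid of unneeded shares and restricting the rest to groups. The script below is an added example, not code from the original thread or either poster: it inventories the SMB shares on a Windows host and flags any non-administrative share whose ACL allows broad principals such as Everyone or Authenticated Users, which is the quickest way to find the "unprotected netbios shares everywhere" that Steve describes. It assumes the SmbShare PowerShell module (Windows 8 / Server 2012 or later) and a session with local administrator rights; the `-ReportPath` parameter and the `$BroadPrincipals` list are this example's own choices.

```powershell
# Added example (not from the original mailing-list thread): audit SMB shares
# on the local Windows host and flag non-administrative shares that grant
# access to broad groups such as Everyone or Authenticated Users.
# Assumes the SmbShare module (Windows 8 / Server 2012 or later) and a
# session with local administrator rights.
param(
    # Optional CSV output path for the findings (hypothetical parameter).
    [string]$ReportPath = ""
)

# Principals that should not normally appear with Allow entries on a
# business share ACL; adjust to the organisation's own naming.
$BroadPrincipals = @(
    'Everyone',
    'NT AUTHORITY\Authenticated Users',
    'BUILTIN\Users',
    'BUILTIN\Guests'
)

# Skip the built-in administrative shares (C$, ADMIN$, IPC$), which are
# marked Special; the remaining shares are the ones users created.
$findings = foreach ($share in Get-SmbShare | Where-Object { -not $_.Special }) {
    foreach ($entry in Get-SmbShareAccess -Name $share.Name) {
        if ($entry.AccessControlType -eq 'Allow' -and
            $BroadPrincipals -contains $entry.AccountName) {
            [PSCustomObject]@{
                Share       = $share.Name
                Path        = $share.Path
                Principal   = $entry.AccountName
                AccessRight = $entry.AccessRight   # Read, Change or Full
            }
        }
    }
}

if ($findings) {
    Write-Output "Shares open to broad groups (review each and replace with a named group):"
    $findings | Format-Table -AutoSize
} else {
    Write-Output "No non-administrative shares grant access to broad groups."
}

# Keep a record so the same audit can be re-run after cleanup and compared.
if ($ReportPath) {
    $findings | Export-Csv -Path $ReportPath -NoTypeInformation
}
```

Once a share shows up in the list, the fix the reply describes is to create a group for the people who actually need it, grant that group on the share (`Grant-SmbShareAccess`) and the underlying NTFS folder, and then remove the broad entry with `Revoke-SmbShareAccess -Name <share> -AccountName Everyone`; shares nobody claims can simply be removed with `Remove-SmbShare`. Run the script on each file server, and keep the CSV from the first pass as the baseline to check against later.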

