security concerns

From: Edmund (edmund_at_belfordhk.com)
Date: 06/26/04

    Date: Sat, 26 Jun 2004 11:31:16 +0800
    To: security-basics@securityfocus.com
    
    

    Hi,

    I've been monitoring this ML and have gleaned a
    lot of very useful information that can help
    me in maintaining the networks that I'm in
    charge of. I am, by no stretch of the word,
    a security expert. While I do know my way
    around computers, I'm not what one would call
    a certified network administrator.

    I, however, have read some books and have
    monitored a lot of sites and have come to
    a screeching halt in terms of information
    overload.

    There's really TOO much stuff that I need to
    be concerned with and too many issues that
    I need to deal with that I'm starting to
    feel overwhelmed by the whole thing. I am
    just a mere one-man IT department keeping
    tabs on the network's integrity.

    Not being educated in the computer industry
    (I have taken a few computer courses during
    my first in in university), I don't consider
    my knowledge any bit helpful. (Modula-2 anyone?)

    Can anyone impart some advice on how to maintain
    network integrity while maintaining my own
    sanity/wits? Here's what I normally would
    do:

    1) Check list of vulnerabilities in most of
    the important packages the servers use.

    2) If vulnerabilities exist and a patch has
    been done, I patch the system.

    3) I monitor the firewall for any suspicious
    activity. (This is not easy as by default I
    suspect all incoming packets.)

    4) Protect all Internet-capable systems with
    the latest patches and AV products. So far,
    I haven't found a reason to put AT programs
    on the systems.

    But despite my attempts at securing workstations,
    they find it very inconvenient not to have
    scripting enabled. What can I do?

    Any help very much appreciated.

    Edmund


