Re: Please help me "sell" the idea of a more secure network
- From: "JM" <jm@xxxxxxxxx>
- Date: Sun, 02 Jul 2006 15:44:48 GMT
"Hank Arnold" <rasilon@xxxxxxx> wrote in message
news:e70kYEbnGHA.3436@xxxxxxxxxxxxxxxxxxxxxxx
Some good advice. However, nothing will change unless the customer's
executive management signs up.
To be honest, I don't think the OP will have much to worry about for long.
Chances that this company will survive are slim..............
Why do you think this?
jm
Regards,
Hank Arnold
Mark Repuski wrote:
You are right, this is not a good situation. As the customer seems
disinterested as nothing bad has happened, you might need to perform two
services. First, try to ensure that you have mitigated their configuration
with good backups. Regardless of how good or bad a design they have, you could
rebuild should there be an issue. This rebuild would then help you suggest
changes, but let's hope this never happens.
Once you have backups it might be best to document the current
configuration. Then create a better approach on how you would prefer the
environment and then prioritize each change. Suggesting the most important
changes first should bring the network up a notch or two.
You might also suggest changes that do not cost any money. A small example:
- join all systems to the domain.
- create a password policy, enable history;
at some point the user will have to pick their own password
- set up the appropriate OU, Global, local and account membership and apply
- disable or limit the abilities of the group account.
It can't be used if it is not available
Then you might ask your customer if you could perform a test: have the
most junior employee attempt to open or access this sensitive data.
Do the same thing using a wireless notebook from your company. Then save the
file on your system and walk out the door. When you come back, ask him/her,
if this had just happened and it was not a trusted person, what problems
would/could happen from this data theft.
Then go outside and sit in your car or some other discreet location and
connect to the wifi network.
One final thought: show him a PO or invoice for a customer who had an AV
issue. This gives you information on what impact this might have on the
books and can be used as a benchmark for the cost of changes.
This should be done under the watchful eyes of the boss.
On 6/30/06 11:11 PM, in article
QJlpg.1715$u11.1616@xxxxxxxxxxxxxxxxxxxxxx,
"JM" <jm@xxxxxxxxx> wrote:
My company does mostly telecom interconnect work, and some data. Typically,
we bring in a networking person from a partner company to do the actual
technical stuff. However, it's often our job to educate the customer on why
certain things are needed. And I need some help on a current situation.
The client has Windows 2003 Server Standard Edition, with about 15-18 XP Pro
computers. They have AD set up, with their core company software running on
the server. Most of the clients are joined to the domain, but several
employee laptops simply operate in a workgroup sharing internet and POP3
email, with their email being hosted by a local network services/website
design company.
Some users log on using a unique username, but ALL users use the same
password. In fact, this "master" password can be found almost anywhere and
on anything that requires a password, including their individual email
accounts, websites, and who knows what else. Other domain users log in
with generic logins like "CompanyNameUser," again using the universal
password.
To make matters worse - at least in my non-expert view - is the wireless
router they leave on 24/7, completely open, for anyone and everyone to use.
They have literally hundreds of customers coming and going daily, and the
wireless internet access is a courtesy they offer.
Finally, they have no comprehensive, system-wide security solutions,
whatsoever. Their anti-virus "protection," for example, consists of various
products, releases, life cycles, etc, all on the individual clients. Some
have Norton, others McAfee, AVG Free (yeah, I know), with some being
in-date, out-of-date, and some with nothing at all. There are various free
malware killers, pop-up blockers, and the like, installed by whomever,
whenever, because they have no group policies or other domain security
policies in place enforcing who can and cannot install software.
I know this is a huge issue, and I'm not asking for anyone to spend a lot of
time on it, but I need some concise ideas for these people. The problem is
that up to this point nothing devastating has happened, so they are totally
blissful in their ignorance. If I sell too hard, given their current good
luck, they will think I'm doing Chicken Little or trying to make a buck.
The fact is, I'm really concerned about my clients, and I know their current
situation is going to get them in trouble. I'm just not sure how to
approach it.
thank you,
jm