Re: Holes in my security - advice needed
- From: SteveP <SteveP@xxxxxxxxxxxxxx>
- Date: Wed, 25 Apr 2007 11:20:01 -0700
May I ask how to run the audit?
2003 standard server SP2. I have a primary domain controller DC1.
--
Thanks, Steve
"Danny Sanders" wrote:
It's difficult, if not impossible, to protect the company from itself.
Yet, I will be blamed if there is an attack, infection or theft of
corporate and client information. It worries me a lot.
I would do an audit of the information on the network. Classify the
information into categories ranging from information that needs to be kept
from the public (Social Security numbers, private business info that needs
to be kept out of competitors' hands, info that if released to the public
would damage the company's credibility and profitability), to information
that needs to be kept from other departments (wages, Social Security
numbers, etc.), to information that is created for the public (info released
on the website, etc.).
This overall audit will allow you to know first *if* there is sensitive
info on the network, where it is, how much there is, and who has access.
Then you can go to the powers that be and show them how much data is on
their network that is covered by HIPAA or Sarbanes-Oxley. If they put some
teeth in their policies, this overall audit will allow you to know where the
data resides on your network that needs the most protection and you can
target your efforts accordingly.
If they still refuse to put some teeth in their own policy after that, CYOA.
Find another job or have them sign off on a letter that states you informed
them of the possible security hole and the data that they store on their
network. It's possible that their data can be intercepted and modified,
deleted or copied, or just read to get an unfair advantage.
hth
DDS
"SteveP" <SteveP@xxxxxxxxxxxxxx> wrote in message
news:7985F434-F919-4729-9293-3DFA3E071D9B@xxxxxxxxxxxxxxxx
It's difficult, if not impossible, to protect the company from itself.
Yet, I will be blamed if there is an attack, infection or theft of
corporate and client information. It worries me a lot.
I can talk over their heads about man-in-the-middle attacks and viruses.
Other IT people must have found ways to present the danger to their
employer and enforce IT policy for the good of the company? Suggestions,
please?
--
Thanks, Steve
"Phillip Windell" wrote:
"SteveP" <SteveP@xxxxxxxxxxxxxx> wrote in message
news:6D5CCEF8-C345-4D38-84CC-742365ADEF45@xxxxxxxxxxxxxxxx
The network is 2003 standard servers and one W2K server. All users are XP
Pro. All users are joined to the domain.
Except:
One user bought a laptop with Vista Home on it. It is used at home by
children and then brought into work and plugged into the network. It was
also given the printer drivers. It cannot be joined to the network and I
have no control over it. I do not know if it has up-to-date antivirus.
One Mac desktop that was just brought in one day and plugged in.
Company policy is XP Pro machines only and they must be joined to the
domain.
I need information to present to management on why having computers just
plugged into the network is dangerous.
I don't know what to say. It would be like trying to explain what the color
blue looks like.
If they don't understand why it is bad, then how did the company policy get
put in place that says, "Company policy is XP Pro machines only and they
must be joined to the domain"? That would be the whole point of that
policy. If they aren't going to enforce that policy then get rid of it and
let the LAN be a free-for-all, because your Policies have no "teeth"; they
have no authority.
--
Phillip Windell
www.wandtv.com
The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.