Re: Seucity audit

From: Kevin Weilbacher [SBS-MVP] (kweilbacMVP_at_gte.net)
Date: 03/03/04 

Date: Tue, 2 Mar 2004 23:07:08 -0500

yes, but most of her posts are filled with soapbox rantings (we still love
you, Susan!), whereas your posts are filled with theories of technical
relativism (Jeff, we like you, too!)

;-) 

-- 
Kevin Weilbacher [SBS-MVP]
"The days pass by so quickly now, the nights are seldom long"
"Jeff Middleton [SBS-MVP]" <jeff@cfisolutions.com> wrote in message
news:OAabtlLAEHA.640@TK2MSFTNGP09.phx.gbl...
> This is becoming a trend. I believe Susan's average post now exceeds my
> average NG post in page length.  :)
>
>
> "Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbradcpa@pacbell.net>
> wrote in message news:%23uFGhZJAEHA.916@TK2MSFTNGP10.phx.gbl...
> > Your security issues are not your server.  Don't look there.  It's your
> > desktops.  it's your employees.  It's not "out there", it's "in here".
> >
> > In SBS land that $8,000 would be a waste of time because Foundstone
> > would look at you from a corporate network "attitude".
> >
> > In big server land, you assume people are sniffing your traffic,
> > examining what information is bleeding off your connections seeing what
> > patch level you are at.  If you had posted in via a newsgroup versus the
> > web interface I could have told you your external IP address that you
> > posted from what version of newsreader you used.  I could [with
> > permission] fire packets at you using Foundstone's Superscan tool and
> > told you what ports you had open.  I could use nmap or any number of
> > freely available tools what operating system you were running and
> > through what hotfix you had installed.  If you were not up to date on
> > patches, I'd go to FullDisclosure or K-0tiks.com [or whatever that
> > disreputable site in French is] and I'd download exploit code and fire
> > it off at your unpatched system and nail you if the proper port was open
> > in your firewall.
> >
> > The reality is that none of this occurs in SBSland.
> >
> > We get nailed from OUR stupidity because we don't patch and don't
> > maintain.
> >
> > You don't need to spend your security dollars on a security audit in SBS
> > land.  That's not where are risks lie out there.
> >
> > 1.  What do "bots" see as your open ports?  In SBS land we don't get
> > hacked, we get stupid.  Defcon hackers do not boast about taking down a
> > SBS box.  Go to grc.com click on shields up/ports up.. what ports are
> > open.  The fewer the ports, the less attack surface.  Only open what you
> > need, close what you don't.
> >
> > 2.  What user rights are running on those workstations?  I have to have
> > a pretty loosey gooesy internal network to be "businessy" in my firm.
> > I'm the only person running in "user" mode in my LAN, the rest are power
> > users or local admin.  Local admin means they can accidentally install
> > ANYTHING... so to counter that with .....
> >
> > 3.  Trend SMB ... EVERY email that comes in the door is scanned and
> > checked, I also quarantine zip files and what not.  A/v on the server
> > and the desktop and it checks for updates every hour on the hour.
> >
> > 4.  Pop up blockers on Windows machines in the form of the Google tool
bar
> >
> > 5.  Plans to roll out XP sp2 as soon as it hits the streets [lots of
> > security features].
> >
> > 6.  Get 100% Windows XP office so that at a moments notice I can patch
> > ALL workstations - if you have one Windows 98 in the LAN you have no
> > security.
> >
> > 7.  Save your money on that audit and buy www.shavlik.com HfnetchkPro
> > and be able to remotely from your desktop [or the server] patch the
> > server and all XP workstations with one button.
> >
> > 8.  Ensure that all laptops have antivirus/patching/firewall as well.
> > Set up a procedure where standalone laptops are "checked in and checked
> out"
> >
> > 9.  Do you have employee manuals that cover authorized and unauthorized
> > internet and email use?  {Policy first and foremost}
> >
> > 10.  Buy employees a copy of Trend Micro's pccillian for home use,
> > require that they load it up.
> >
> > 11.  Sign up for Microsoft security bulletins and ensure you get
> > notified.  Patch in a timely manner.
> >
> > 12.  Have monthly employee awareness meetings training people to "not
> > just click"
> >
> > 13.  Alarm on the building.
> >
> > 14.  Good tape backup with rotation off site.
> >
> > 15.  Kensington phyiscal cable locks on computers in the office to slow
> > burglars down.
> >
> > There... I'll bet you those steps don't cost $8,000 and I just gave you
> > action items rather than giving you a security audit that would tell you
> > that you have weaknesses and then you'd have no budget to do anything
> > about them.
> >
> > I'll send you a bill.
> >
> > A can of Mountain Dew and a promise that you'll hang around this
> > newsgroup.  :-)
> >
> > Susan
> >
> > Roger wrote:
> >
> > > Thanks... those are all great tools.
> > >
> > > Depending on the costs... I'd consider a full blown
> > > security assesment from a company to evaluate my
> > > infrastructure, and even exploit the vulnerabilities they
> > > find within...
> > >
> > > So far, I haven't found a company that's cost effective.
> > > These evaluations are looking to be better then 8k!
> > >
> >
> > -- 
> > http://www.sbslinks.com/really.htm
> >
>
>