Security Basics mailing list archives
RE: Security Policy-Please help
From: Jason Armstrong <jarmstrong () technicacorp com>
Date: Wed, 6 Aug 2003 14:18:11 -0400
From http://www.sans.org :
What is a security policy? All security and technical training classes talk about the necessity of basing procedures on a good security policy. We need to understand what is meant by policy.

For an expansive repository of sample security policies view: "The SANS Security Policy Project" at: http://www.sans.org/resources/policies/

Safeguarding information is challenging when records are created and stored on a computer. Research projects are often excellent resources for security policies. A good sample of one is "Global Incident Analysis Center" at: www.sans.org/y2k/sec_policy.htm

To learn how to define a sample security policy see the document "GIAC ISO Practical Assignment, VPN/Extranet Service Provider Security Policy and Procedure" by Jonathan Espenschied at: http://www.giac.org/practical/Jonathan_Espenschied_GISO.pdf

For a more advanced point of view check out "Track 10: Sans Security Essentials for Auditors" which is designed for individuals entering the information security industry who are tasked with auditing organizational policy, procedure, risk or policy conformance. http://www.sans.org/onsite/track10.php

-----Original Message-----
From: Kampanellis Ioannis [mailto:kampanellisI () antenna gr]
Sent: Wednesday, August 06, 2003 4:08 AM
To: security-basics () securityfocus com
Subject: Security Policy-Please help

Hi!

I am pursuing an MSc in System and Network Security and I am currently doing my internship in a media group (i.e. TV, Radio, WebSites etc). My "mission" is to write down a security policy for their network. Basically I know where to start, meaning things such as Anti-Virus etc.

The problem is that their network is not totally new. They have PIX, Packet Shapers, Anti Virus installed etc. That means that my "job" is getting even more difficult because I have to dig and find the details, which is not so easy for a newbie in security :-( Another problem is that their systems are based on Windows :-(

Any advice? Where could I start?

Having several thoughts, testing the password cracking of the users could be a good step (I assume). Is there any such tool? Or does anyone know where Win2k stores the password and how it is hashed?

Finally, I am trying to find a tool (freeware) to help me do the auditing (e.g. run penetration tests etc). If anyone knows such a tool, it would be great.

Thnx in advance

John