Security Basics mailing list archives
security concerns
From: Edmund <edmund () belfordhk com>
Date: Sat, 26 Jun 2004 11:31:16 +0800
Hi, I've been monitoring this ML and have gleamed a lot of very useful information that can help me in maintaining the networks that I'm in charge of. I am, by no stretch of the word, a security expert. While I do know my way around computers, I'm not how one would call, a certified network administrator. I, however, have read some books and have monitored a lot of sites and have come to a screeching halt in terms of information overload. There's really TOO much stuff that I need to be concerned with and too many issues that I need to deal with that I'm starting to feel overwhelmed by the whole thing. I am just a mere one-man IT department keeping tabs on the network's integrity. Not being educated in the computer industry (I have taken a few computer courses during my first in in university), I don't consider my knowledge any bit helpful. (Modula-2 anyone?) Can anyone impart some advice on how to maintain network integrity while maintaining my own sanity/wits? Here's what I normally would do: 1) Check list of vulnerabilities in most of the important packages the servers use. 2) If vulnerabilities exist and a patch has been done, I patch the system. 3) I monitor the firewall for any suspicious activity. (This is not easy as by default I suspect all incoming packets.) 4) Protect all Internet-capable systems with the latest patches and AV products. So far, I haven't found a reason to put AT programs on the systems. But despite my attempts at securing workstations, they find it very inconvenient not to have scripting enabled. What can I do? Any help very much appreciated. Edmund --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- security concerns Edmund (Jun 28)