Security Basics mailing list archives

Re: Enterprise security review & design


From: krymson () gmail com
Date: 16 Aug 2006 18:13:19 -0000

Your list makes me wonder where this all came from. Each one of your bullet points is a good-sized project from the 
size of your userbase, and could conceivably be a single job for someone, especially if you want agility into the 
future if you have planned growth. Volumes could be written on any one of the items below, but I'll just quickly 
scattershot some ideas and products you could use to start your research and projects. One disclaimer: I may be wrong 
in some of the uses of certain products that I have not personally use, but since I can't actually solve any of these 
issues for you, I just really want to give some direction. Some leads are better than silence.


- Provide a solution for assets inventory, in terms of OS & Apps
GFI; Windows IT Pro recently had an issue (currently still on display at Barnes & Noble) that had an overview of CCM 
products. One of the aspects of a good CCM product is the ability to take inventory of systems. LANDesk is a popular 
example.

- Provide an automated vulnerability assessment tool, which will
regularly scan the clients and provide a means to correlate & prioritize
vulnerabilities 
MBSA, Nessus, GFI...sounds like you have money to spend though, so maybe shoot for the moon and go for ISS

- Provide the ability to a content security solution that will
protect the business from Spyware, viruses, malicious code, spam, email
abuse, P2P, IM; am especially concerned with spam, P2P & IM
SurfControl may help with web-based malware or even WebSense, maybe McAfee suite will help with email spam at the 
gateway, although I don't know what to recommend due to not knowing whether you host your email or not, or what you 
currently use. Drop all users down to a non-admin role, or run a terminal environment with Citrix, or virtual machines. 
User training...

- Ability to plan & automate the implementation of OS &
applications patches, while providing a history of such updates
WSUS, but it won't give you a history, necessarily.
Altiris for applications and further robustness, and other CCM products perhaps.

- deploy a client based Firewall & IDS/IPS applications with
centralized administration console
McAfee ePolicy Suite

- deploy a content filtering application for web pages, which will
generate reports on internet usage per user
SurfControl, but keep in mind trying to generate someone's internet usage via just web page surfing is very simplistic, 
but you can get an inventory of the pages they visit and how often.

- deploy a network forensics application, from the OS level
{failed logins, access violations...} to the network infra level
GFI, syslog, LogLogic appliance

- deploy a network management application that will help me
identify bottlenecks
SolarWinds may do this?

- WLAN management application to secure access to APs
Cisco should have software to support you, but if you're serious about this and spending the money, may as well 
eliminate all those Linksys and upgrade to Cisco all around.

- Bandwidth consuming applications visibility; i.e. I need to
monitor which applications, and which users, are consuming my WAN
connections
SolarWinds may assist with this, I am not sure.
