Security Basics mailing list archives
RE: Help with guidlines
From: "David Gillett" <gillettdavid () fhda edu>
Date: Thu, 7 Dec 2006 16:04:13 -0800
Cisco refers to these rogue/departmental "IT" functions as "shadow IT", and has adopted a corporate policy of rooting them out and either assimilating them or getting rid of them. Last I heard, actual progress was slow as departments are, of course, loathe to trust the corporate IT department.... (It's not that I don't understand and sympathize with the *problem* that these user departments face. I'm just certain, bolstered by anecdotes like this, that this particular "cure" is often worse than the original disease(*).) (*) which, in turn, I suspect results from too many IT employees who aren't really trained in IT and don't really want to do it -- they're getting paycheques and something that looks kinda like experience while waiting for a "real" programmer or design job to open up. David Gillett
-----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Chris Barber Sent: Wednesday, December 06, 2006 3:33 PM To: security-basics () securityfocus com Subject: Fwd: Help with guidlines Hi all, First I would like to apologize if this has been asked and answered on the list before. Here is my situation: I work for a very large organization with several "IT Departments". There is the Enterprise IT staff and they are in charge of all services and functions that are company wide, E-Mail, Internet Access, Network infrastructure, Network security, etc. The other departments then have there own LAN Admin staff that handle the day to day network activities. I am relatively new to the company and have recently learned that the LAN Admin staff for the different departments all handle things in their own way, not always following best practices. The latest disaster was just a few days ago when our sales dept. LAN admins were setting up 50 new laptops for the sales force. All 50 laptops were on the network while 3 LAN Admins rotated from unit to unit installing updates and new software. Don't ask me why they were doing this the hard way, but they were. Now, one of the LAN admins from Product development came to me with an issue he was having with a programmers Laptop. The Programmer brought it in and said that it was "Acting funny". When I asked him what he had done so far, his response was "After connecting it to the network, I looked at the DHCP settings, then started a defrag, and poked around in the control panel, Add/remove programs, etc. I have been working on the PC for several hours now, and..." My jaw hit the floor. Yeah, we now have 50 brand spanking new Laptops hot off the truck from Dell, all of them infected with... well as it turns out only 5 different virus/worms. Enough of my ramblings and to the point of my E-Mail to the group... Does anyone have a set of written guidelines or whathaveyou that they would be willing to share with me and/or the group or point me in the direction of a web site that has something to get me started it would be most appreciated. Thanks in advance (Professionally Frustrated) Chris. -------------------------------------------------------------- ------------- This list is sponsored by: ByteCrusher Detect Malicious Web Content and Exploits in Real-Time. Anti-Virus engines can't detect unknown or new threats. LinkScanner can. Web surfing just became a whole lot safer. http://www.explabs.com/staging/promotions/xern_lspro.asp?loc=s fmaildetect -------------------------------------------------------------- -------------
--------------------------------------------------------------------------- This list is sponsored by: ByteCrusher Detect Malicious Web Content and Exploits in Real-Time. Anti-Virus engines can't detect unknown or new threats. LinkScanner can. Web surfing just became a whole lot safer. http://www.explabs.com/staging/promotions/xern_lspro.asp?loc=sfmaildetect ---------------------------------------------------------------------------
Current thread:
- Fwd: Help with guidlines Chris Barber (Dec 07)
- RE: Help with guidlines David Gillett (Dec 08)
- Re: Help with guidlines Justin Lintz (Dec 08)
- Re: Help with guidlines Chris Barber (Dec 08)
- <Possible follow-ups>
- RE: Help with guidlines Mark Palmer (Dec 08)
- Re: Re: Help with guidlines krymson (Dec 12)