Re: Security and Audit Policy

[gmx <carpathin.wolf () gmx net>]

Hello Servie,

I will try to give you my opinion, maybe also between the lines..

Sunday, November 7, 2004, 3:38:55 PM, you wrote:

<==============Original message text===============
SP> -----BEGIN PGP SIGNED MESSAGE-----
SP> Hash: SHA1

SP> Hi Security Gurus,

SP> When I took over as Sys Ad for this company, I found
SP> out there
SP> are no security and audit policies in place. I have no
SP> way means
SP> of getting in touch with the previous guy.
Thats a har work for you... but not impossible

SP> Since I have to start from scratch and document
SP> everything
SP> regarding this network. I feel that this group would
SP> be in the
SP> best position to give some suggestions as to what I
SP> should do or
SP> the manner of solving the problem.
Documenting is a good start, take also a look for checklists (google)
and be cofidential with www.cert.org . There you might also find some
good suggestions.

SP> I have already done the following steps:

SP> 1. Enabled Firewall rules on the network and with
SP> Win32 clients;
SP> 2. Installed Anti Virus Software for the network and
SP> enabled
SP> automatic updates;
SP> 3. Enforced User Permissions for most users; (dilemma)
SP> 4. Disabled M$ Outlook and IE and replaced these with
SP> Mozilla
SP> Thunderbird and Firefox.
Good start point... but how do the email clients connect ?
Do you have a central mailserver which the clients are connecting ?


SP> Problems:

SP> 1. I don't know how to keep track of their browsing
SP> patterns,
SP> some users have intermediate to advanced browsing
SP> skills which
SP> they can conceal where they have visited such as maybe
SP> porn
SP> sites and the like. How do I prove my suspiscion and
SP> stop them
SP> from doing this? I am afraid that by doing so, our
SP> network may
SP> be trojaned or may have been infected with spyware or
SP> may be a
SP> zombie now?
Well... i cant say if you are 100% allowed to check their trafic, but
you can install some tools and see the browsing behaviour (MS SBS ISA
does have such tool integrated), i am sure you can find some cmpatible
tools also in the web.

SP> 2. I wanted to enforce strict user permissions, but my
SP> dilemma
SP> would be, bosses or managers take it against me or
SP> anyone
SP> restricting on what they could or not do on their
SP> machine. To
SP> make a concrete example, I could do an audit policy
SP> for all
SP> users with less rights to install programs and the
SP> like but some
SP> of them, listen to radio, download .exe files or
SP> shareware
SP> without my knowledge.
Thats a wrong way... you started good, but you missed the human
component.

SP> If I enforce this restrictive permissions, they get
SP> back on me.
SP> If I don't, I am afraid the network is considerably
SP> slows down
SP> and I think, some machines may be a compromised
SP> already unless
SP> the bandwidth is being used up by the users. How do I
SP> catch them
SP> accessing forbidden sites and how do I stop them from
SP> doing such
SP> and how do I make them with less capacity without them
SP> getting
SP> furious?
Easy : You dont tell them what to do, you ask them what they want.
You ask about their fears... the users must have the feeling that the
admin is the one who is on their side, not against them. Use your
knowledge to explain the management what costs can arise in case of an
intrusion, and why you must solve it taht way.
You can do some small seminars, and explain to the users about seafe
browsing, its all up to you, but as an admin, you must get the company
on your side.. thats what the harder part for an admin is.

SP> 3. Though, I have setup and installed Mozilla
SP> Thunderbird and
SP> Firefox in each client PCs, most of them still use M$
SP> Outlook
SP> and IE. How do I justify and convince them not to use
SP> this
SP> because of security loopholes and problems? Some are
SP> so used to
SP> Outlook and IE that they don't want change.
Explain them that during some seminars, explain also why you dont
recommend outlook, but you must have the management 'behind you' ,
because you cannot assert any policy or guidelines, without the
approval and help/cooperation of the management.

SP> Any suggestions, on how to make it less of a burden to
SP> administer this network of 12 clients would be
SP> appreciated.
I hope i could give you a few sugestions.

SP> Thanks very much.

SP> -----BEGIN PGP SIGNATURE-----
SP> Version: GnuPG v1.3.92 (MingW32) - GPGshell v3.23

SP> iD8DBQFBjjNBuG3YFhFblMkRAiXDAKDT0ywwBwfM7qi1VS5HOFPOi3LhkACg6eFg
SP> FR5U6VihJqU4Otz7bYyQh9s=
SP> =poMj
SP> -----END PGP SIGNATURE-----


SP> =====
SP> Sincerely,
SP> Servie Platon


                
SP> __________________________________ 
SP> Do you Yahoo!? 
SP> Check out the new Yahoo! Front Page. 
SP> www.yahoo.com 
 

SP> _______________________________________________
SP> firewall-wizards mailing list
SP> firewall-wizards () honor icsalabs com
SP> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

<===========End of original message text===========



-- 
Best regards,
 gmx                            mailto:carpathin.wolf () gmx net

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards