PaulDotCom mailing list archives
Re: IT Security Topics for Small Business
From: allison nixon <elsakoo () gmail com>
Date: Sun, 2 Dec 2012 22:44:43 -0500
A troubleshooting guide would be helpful. that should include -tools for monitoring network traffic to ensure a compromise has been remediated(more applicable to server compromises where its hard to wipe everything). wireshark/tcpdump -understanding exploit kits and the typical internet crime that small businesses run into. if a small business can get everyone in the habit of using noscript they can prevent the vast majority of crap. -handling host infections and abuse complaints(where some attacker is hijacking your bandwidth and the victims complain to you) user education is a potential advantage for small businesses, because they have much fewer numbers to contend with. Having all due-diligence in a checklist format would be very friendly for time-limited IT people. also a section for the targeted attacks and how to recognize a sustained campaign against you, with the large caveat that this only applies if you're a very large corporation or have somehow managed to involve yourself with a nation state or hacker group, or handle data for someone that has. the only reason for this section is because 99% of the small business people I've seen worried about this aren't likely going to be in the crosshairs, so the paranoia isn't justified. also a section for mistakes small business often makes. i see this stuff a lot, where they think that portscanning is a scary attack, and how you can block attacker IPs on your firewall(or worse, your IPS). or how some want to address every vuln scan individually instead of implementing a proper patching regimen. groan. let us know when it's finished. i want to send it to certain people. -a On Sun, Dec 2, 2012 at 8:00 PM, Hevnsnt <hevnsnt () i-hacked com> wrote:
Something that I find is that small (service-based) businesses often keep way too much client data on field laptops on unencrypted drives. On Dec 2, 2012, at 6:43 PM, Bugbear <gbugbear () gmail com> wrote: I would also mention process < having a process in place for new employes / terminations in regard to user accounts and rights Also hardening the host - OS firewall, local rights, turning off default surfaces On Sun, Dec 2, 2012 at 10:57 AM, TheTolik <thetolik () yahoo com> wrote:I am working on creating a guide to IT Security to help companies without or with a minimal IT budget protect themselves and their customers, and am looking for community's input into the topics that should be discussed. I also see a lot of value in including recommendations for applicable tools/technologies that are easily accessible, easy to use, and yet effective, with strong affinity towards open source, and therefore would be very appreciative for input on per-topic basis. So far in regards to the topics, I have (In no particular order) - Security Awareness and High Level Training - Account Management / Password Management / Local Admin Rights - Email Etiqute, Email Threats, and Email Security - Network and System Vulnerability Scanning/Patching - Network Security (Firewalls) - Backups and Backup Security - Wireless and WiFi Security - System Security, AV/HIPS - Website Security and Web/Application Security Testing - Sensitive Information and Applicable Laws, Regulations, and Compliance Requirements Any valuable input would be greatly appreciated. Thanks, Andy | oxbeef _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
-- _________________________________ Note to self: Pillage BEFORE burning.
_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- IT Security Topics for Small Business TheTolik (Dec 02)
- Re: IT Security Topics for Small Business Steven Perez (Dec 02)
- Re: IT Security Topics for Small Business TheTolik (Dec 02)
- Re: IT Security Topics for Small Business Bugbear (Dec 02)
- Re: IT Security Topics for Small Business Hevnsnt (Dec 02)
- Re: IT Security Topics for Small Business allison nixon (Dec 02)
- Re: IT Security Topics for Small Business Hevnsnt (Dec 02)
- Re: IT Security Topics for Small Business gold flake (Dec 02)
- Re: IT Security Topics for Small Business Conrad Constantine (Dec 02)
- Re: IT Security Topics for Small Business Arch Angel (Dec 03)
- Re: IT Security Topics for Small Business TheTolik (Dec 07)
- <Possible follow-ups>
- Re: IT Security Topics for Small Business Herndon Elliott (Dec 03)
- Re: IT Security Topics for Small Business Bradley McMahon (Dec 03)
- Re: IT Security Topics for Small Business Josh More (Dec 03)
- Re: IT Security Topics for Small Business Brian Erdelyi (Dec 03)
- Re: IT Security Topics for Small Business Bradley McMahon (Dec 03)
- Re: IT Security Topics for Small Business Arch Angel (Dec 03)
- Re: IT Security Topics for Small Business Bradley McMahon (Dec 03)
- Re: IT Security Topics for Small Business Steven Perez (Dec 02)