Actually, we do, and he is. But, it takes time to change a culture, and he only stepped on board in December.
Working through the mountain of things that need to be fixed will take time. Since he's come on board, we've o- Received new firewalls (PaloAltos), which are being configured, but are not yet deployed o- Received New core switches (jumping from a single HP 3400cl to a pair of Juniper EX4300s), and are in the middle of migrating to them o- Upgraded our VMware cluster from 64gb RAM each to 128gb RAM each o- Are in the middle of a migration from Exchange 2003 to 2010 - I actually had a class for this last week. First class since 1996. o- Performed an early renewal of our EA And there's more to come, including upgrading to Sharepoint 2013, Lync 2013, and lots of other stuff, just to get us current. This, in spite of the fact that we had a horrific year of sales results [1]. Kurt [1] Our Fiscal year starts April 1. We just today RIF'ed 17 people from our US office - since I'm not the IT manager, I didn't learn about it until it happened. I still have a job, which is about the only upside for today. On Tue, Apr 22, 2014 at 5:42 PM, Richard Stovall <[email protected]> wrote: > I thought you had a new CIO/CTO that was relatively clueful? Is that not > right? > > OK, don't answer that. > > > On Tue, Apr 22, 2014 at 8:39 PM, Kurt Buff <[email protected]> wrote: >> >> I can't block attachments, of any kind. I am allowed to quarantine >> "windows executables" and "windows scripts". The machine does scan >> archives. >> >> I can't block on country code. >> >> I am able to use RBLs, and use several - the Barracuda and Zen, mostly. >> >> All users (except me, and that's self-imposed) are admins on their >> machines. >> >> It's pretty appalling - but that's the job. >> >> To be fair, the attachments that are coming through that are nastiest >> aren't direct .exe/.com/.bat, etc. They are MS Office file types, with >> an occasional PDF thrown in for fun. >> >> Kurt >> >> >> On Tue, Apr 22, 2014 at 5:01 PM, Richard Stovall <[email protected]> >> wrote: >> > You can't block *ANY* attachments? >> > >> > That can't be right. >> > >> > >> > On Tue, Apr 22, 2014 at 7:25 PM, Kurt Buff <[email protected]> wrote: >> >> >> >> Your results are more the outcome of your settings to block certain >> >> attachments than to the Barracuda's prowess in AV detection. >> >> >> >> I am not allowed to block attachments, we have a 410, and I regularly >> >> see infectious emails come through. >> >> >> >> Whenever I get an unexpected email with an attachment, I submit the >> >> attachment to >> >> >> >> http://www.threattracksecurity.com/resources/sandbox-malware-analysis.aspx >> >> and to https://malwr.com/ and regularly see results that make me >> >> shudder... >> >> >> >> Those submissions are in parallel to my submission to virustotal, and >> >> invariably the attachment has already been scanned, and nobody has a >> >> signature for it. >> >> >> >> Mostly, I get these from China (or at least the emails use Chinese >> >> character sets.) >> >> >> >> >> >> Kurt >> >> >> >> On Tue, Apr 22, 2014 at 4:13 PM, Kennedy, Jim >> >> <[email protected]> wrote: >> >> > >> >> > "Email AV gateway appliance (vm or physical) (Trend, Barracuda, >> >> > etc.)" >> >> > >> >> > Specifically a Cuda. Only one email virus in a decade of using them. >> >> > I >> >> > block >> >> > exe's, password protected zips and the usual suspect file types with >> >> > it, >> >> > that certainly helps. >> >> > >> >> > >> >> > ________________________________ >> >> > From: [email protected] [[email protected]] >> >> > on >> >> > behalf of Stringham, Steven [[email protected]] >> >> > Sent: Tuesday, April 22, 2014 5:53 PM >> >> > To: [email protected] >> >> > Subject: [Exchange] Antivirus placement - Exchange 2010 >> >> > >> >> > Antivirus software and Exchange 2010 – where should I put it? I am >> >> > looking >> >> > at this as a performance, security balancing act. So, my thoughts >> >> > are >> >> > where >> >> > do you folks put it. A little poll please… >> >> > >> >> > >> >> > >> >> > ____ AntiSpam outside service – before my internal systems see it. >> >> > >> >> > >> >> > >> >> > ____ Email AV gateway appliance (vm or physical) (Trend, Barracuda, >> >> > etc.) >> >> > >> >> > >> >> > >> >> > ____ Edge Gateway role servers >> >> > >> >> > >> >> > >> >> > ____ Hub Transport servers >> >> > >> >> > >> >> > >> >> > ____ Mailbox servers >> >> > >> >> > >> >> > >> >> > >> >> > >> >> > Personally, I think this is a bit of an all of the above type thing, >> >> > but, >> >> > where would you put AV for Email. >> >> > >> >> > >> >> > >> >> > And, do you use separate brands for different spots? >> >> > >> >> > >> >> > >> >> > Thanks >> >> > >> >> > Steven Stringham >> >> > >> >> > >> >> > >> >> > >> >> > >> >> > >> >> > ________________________________ >> >> > >> >> > This message and any attachments are intended only for the use of the >> >> > individual or entity to which they are addressed. If the reader of >> >> > this >> >> > message or an attachment is not the intended recipient or the >> >> > employee >> >> > or >> >> > agent responsible for delivering the message or attachment to the >> >> > intended >> >> > recipient you are hereby notified that any dissemination, >> >> > distribution >> >> > or >> >> > copying of this message or any attachment is strictly prohibited. If >> >> > you >> >> > have received this communication in error, please notify us >> >> > immediately >> >> > by >> >> > replying to the sender. The information transmitted in this message >> >> > and >> >> > any >> >> > attachments may be privileged, is intended only for the personal and >> >> > confidential use of the intended recipients, and is covered by the >> >> > Electronic Communications Privacy Act, 18 U.S.C. §2510-2521. >> >> > >> >> > In accordance with Internal Revenue Service Circular 230, we advise >> >> > you >> >> > that >> >> > if this message or any attachments contains any tax advice, such tax >> >> > advice >> >> > was not intended or written to be used, and it cannot be used, by any >> >> > taxpayer for the purpose of avoiding penalties that may be imposed on >> >> > the >> >> > taxpayer. >> >> >> >> >> > >> >> >
