On Fri, 18 Jul 2003, at 12:26pm, [EMAIL PROTECTED] wrote:
> Does a small to medium sized company with no particular high-sensitivity
> data need...encryption, authentication beyond Windows security, VLANs,
> ACLs on routers, etc?
More information is needed to answer that question. Security is one of
those things that really requires a "whole picture" familiarity with all
aspects of your operation. It isn't a single product that you can install
and call it done. ("Security is a process, not a product.")
I will say this: I have found that, in most small companies, the security
weaknesses are not ones that can be solved by installing a firewall, or IDS,
or AV software, or whatever. More often, the security weaknesses are in
policy, procedures, and education. People don't take security seriously.
People write passwords down and stick them on their monitor. People use the
same password on more then one system. People use easy to guess passwords.
People share their passwords with others. Workstations aren't locked down.
Users have more permissions then they need. Software isn't evaluated for
security impact before being installed. And so on and so forth.
Find your problems yourself. Then look for products that help you solve
those problems. Not the other way around. :-)
--
Ben Scott <[EMAIL PROTECTED]>
| The opinions expressed in this message are those of the author and do |
| not represent the views or policy of any other person or organization. |
| All information is provided without warranty of any kind. |
_________________________________________________________________
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Web Interface:
http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin: [EMAIL PROTECTED]
