On 2/3/08, kenw <[EMAIL PROTECTED]> wrote:
> I'm looking for expert, objective sources of information on small business
> security.
>
> Experts like Schneier and Ranum are great for making you think. But they
> never address managing practical security at sites with one server and no IT
> staff on the payroll. (Of course, if your particular hobby horse is the
> Most Important Thing, budget is no problem, is it?)
>
> When I talk to the people "in the trenches", it seems like everybody pushes
> their favourite approach which, in most cases, is the only one they really
> know. When I go searching on the net, it seems like everybody pushes their
> favourite product, which they happen to sell.
>
> So, is there anybody out there who can speak expertly and objectively on
> small business security? Could you point me at 'em, please?

Whatta can o' worms this opens.

I'll give you a couple of places to look (other than here, which, IMHO, is an excellent resource itself). The Security Basics list on securityfocus.com is one place, and so is the Firewall Wizards list (can't remember off the top of my head where it's hosted).

However, the advice you'll get won't really vary, no matter where you get it. And the first thing they'll tell you is that what you need more than anything else is an understanding of what you are trying to protect, and what your threat model is.

In the case you describe - a single server and no IT staff - both the resources available (money, knowledge/skills and time) are limited - that's the bad news. The good news is that the threat model is fairly limited as well.

Your first line of defense is keeping current with your patching for the server and clients.

Second is making sure that they have only a *very* limited number of software packages in use, and locking down the desktops - no local admins. That's more work up front, but it will pay off.

Next, good anti-virus/antispyware software on both server and client.

Lastly, educate the client(s) - a word to the wise about the dangers will prove useful.

If you do those, you're way ahead of most folks.
