Compared to best practice, you all would shudder at some of what I come across. I do support some law offices ( a few that do real estate closings ) as escalation for their normal IT consultants. I *always* call before showing up, and I tell them I'm going to plug into their firewall to reconfigure their security, and so far no one has said more than 'OK' ... I always repeat my name, and contact at their head office they can verify my identity with, but they never do. And not one single site I've been to in the last two years has objected to me bringing my laptop to their network, nor even want to check for proper antivirus and such before allowing me to plug in ... And no one yet has had me sign any NDA either ... Kind of sad, really
Erik Goldoff IT Consultant Systems, Networks, & Security _____ From: Sherry Abercrombie [mailto:[email protected]] Sent: Tuesday, July 07, 2009 12:52 PM To: NT System Admin Issues Subject: Re: Win2003 DC on Win2000 domain Agree with best practices, but with personal experience in dealing with consultants, we make them sign a contract/NDA that prohibits them from using any information or disclosing it outside our organization. On Tue, Jul 7, 2009 at 11:47 AM, Erik Goldoff <[email protected]> wrote: With all due respect, if they cannot trust a network security engineer that helps to maintain and improve their security ( have remote access to firewall and TS ) then they may as well still run on paper. Their internal security knowledge, as well as any BCP is practically non-existant. But from a best practices perspective, you are right. Erik Goldoff IT Consultant Systems, Networks, & Security ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
