First point Steve is that this is going to take a lot longer than three months to do. You have to change a culture and this is the biggest problem.
OK, the first point is to set the wheels in motion to make a security policy that states that anyone breaching you security policy will be disciplined. This alone will take about a years to get finalised and get buy in once the internal politics have settled. Whilst this is going on you have to control the entry exit point from your network (ie a firewall). This alone is going to open up a huge debate between different factions resident in this list. Basically if you have to rely on what knowledge you have (Which you haven't stated, so that would be a help to assisting you). Once you have control of your network you have to sort out your internal network. Can you standardise your workstations at all? Can you implement user/group policies? You have to assume that your network has been compromised, which can be sorted by introducing a firewall. Then all your systems should really be rebuilt in this case after backing up all critical data. Sorry, the list will go on. As you are in a uni, then you will have crackers/hackers call them what you will there. Try and use them to help you. If they can help you and you can testify to this, then they will earn a lot of money in the security market afterwards (A very good selling point). Try and segment your networks further to prevent one breach form affecting all others by using VLANs. This is going to patience and time as the song goes. Good luck Des -----Original Message----- From: Steve Frank [mailto:[EMAIL PROTECTED] Sent: 25 June 2003 12:56 To: [EMAIL PROTECTED] Subject: Oh Dear, Where to start?! Hey everyone, Ok... I am in a bit of a jam here and I was hoping to get some feedback from some of you with appropriate experience in the field of network security and policy development. I am an senior at RIT studying (essentially) systems administration. My main focus and priority has been computer security and policy development. I recently took a internship with a small government office helping out with computer administration tasks. Upon arrival, I decided it would be fun to do a windows update to see what sort of things would come up for my PC. Low and behold, there were over 40 critical updates, driver updates, and recommended updates. Right off the bat this triggered the feeling that there was absolutely no security or update plans in place at this particular organization. I quickly addressed the issue, and have been working to draft a comprehensive security policy and implement technical controls. What I need advice on is the following: If you were introduced to a mixed network (literally all versions of windows since 3.1 and mac systems) that have no updates, backups, or patches installed... connected to a network with only a basic NAT table and no other security... with not even anti-virus software enabled... with no user policies or disaster plans in place... with unprotected netbios shares everywhere... where would you start the process of building some sort of security solution? I mean, I've seen passwords on monitors, shared accounts, open public ports (even the wiring cabinet was unlocked in plain view of passbys to the building). I've been tasked with creating the security policies relating to internet use, network and phone use, passwords, physical security, backup/disaster plans, antivirus, incident response, email use/protection, and whatever else needs done. This wouldnt be so bad normally I guess, but there is virtually no budget allocated to help for this project and I have approximately 3 months to do it. To make matters worse, I am also responsible for systems admin, network admin, tech support, programming, and whatever other tasks may need to be done in the meantime. So basically, if you had to start from nothing, where would you start first? What would you consider to be the most important things to be implemented? I am literally working from ground zero here... heh! Thank so much in advance ;-) Steve Frank ---------------- President SPARSA Security Practices and Research Student Association Rochester Institute of Technology __________________________________ Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month! http://sbc.yahoo.com --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ----------------------------------------------------------------------------
