Security Basics mailing list archives

RE: What to buy?


From: "Valin, Christian" <Christian.Valin () ncogroup com>
Date: Wed, 23 Feb 2011 07:49:51 -0500

My two cents:

You've received all good advice so far; let me add now one more thing.
Have a policy published if there isn't one already about the "acceptable
and unacceptable use of the Internet and company resources" published
and acknowledged by employees.

This way, no matter what work-around someone finds against things like a
proxy server or using private IPs (RFC-1918), you can always say "you
knew you must not do that because you acknowledged the policy".

Christian Valin, CISSP CISA CCNP


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of David Gillett
Sent: Tuesday, February 22, 2011 1:35 PM
To: 'security basics'
Subject: re: What to buy?


  With IPv4 space practically exhausted, your users should probably be
on a private range (per RFC 1918) with NAT or PAT at your gateway.  So
their IP addresses won't do an outsider any good.  Similarly, MAC
addresses aren't visible (or usable) past any router, so the only people
who could exploit them are already inside your network.

  So far as I can tell, the most common way people get "hacked" on
Facebook is that someone steals their PASSWORD, not their IP address.
Read up on "Firesheep" to see how easy that has been; theoretically, at
least, users can now protect themselves by using HTTPS instead of HTTP
to connect to FB.

  Books:  I'd suggest starting with CCNA-level coverage of TCP/IP, and
Ross Anderson's "Security Engineering".

David Gillett, CISSP CCNP


-----Original Message-----
From: Just1n [mailto:hotpackets () hellokitty com]
Sent: Sunday, February 20, 2011 16:22
Cc: recipient list not shown:
Subject: What to buy?

How's it going, security gurus.

My job is now taking on the security responsibilities for my network. We
have nearly 250 PCs on the network and there's about 30 Macs too (ugh).
I was just doing the network before this but the security guy got fired
on the weekend after getting caught with drugs.

My boss wants to stop people being able to post their IP number on the
internet. I was telling him that you have to worry about the MAC numbers
getting posted too, otherwise you can get hacked using them if the
hackers get those numbers. Most people don't really know that's how you
can get hacked on Facebook or some of the forums (especially PHP
forums).

If I wanted to buy something to block these getting posted, what would
be the best? Or should I look into doing it myself with Linux? Any good
books you think I should read about this?

Thanks in advance,
Justin


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an
SSL certificate.  We look at how SSL works, how it benefits your company
and how your customers can tell if a site is secure. You will find out
how to test, purchase, install and use a thawte Digital Certificate on
your Apache web server. Throughout, best practices for set-up are
highlighted to help you ensure efficient ongoing management of your
encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

