Firewall Wizards mailing list archives
Security and Audit Policy
From: Servie Platon <servie_tech () yahoo com>
Date: Sun, 7 Nov 2004 06:38:55 -0800 (PST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Security Gurus, When I took over as Sys Ad for this company, I found out there are no security and audit policies in place. I have no way means of getting in touch with the previous guy. Since I have to start from scratch and document everything regarding this network. I feel that this group would be in the best position to give some suggestions as to what I should do or the manner of solving the problem. I have already done the following steps: 1. Enabled Firewall rules on the network and with Win32 clients; 2. Installed Anti Virus Software for the network and enabled automatic updates; 3. Enforced User Permissions for most users; (dilemma) 4. Disabled M$ Outlook and IE and replaced these with Mozilla Thunderbird and Firefox. Problems: 1. I don't know how to keep track of their browsing patterns, some users have intermediate to advanced browsing skills which they can conceal where they have visited such as maybe porn sites and the like. How do I prove my suspiscion and stop them from doing this? I am afraid that by doing so, our network may be trojaned or may have been infected with spyware or may be a zombie now? 2. I wanted to enforce strict user permissions, but my dilemma would be, bosses or managers take it against me or anyone restricting on what they could or not do on their machine. To make a concrete example, I could do an audit policy for all users with less rights to install programs and the like but some of them, listen to radio, download .exe files or shareware without my knowledge. If I enforce this restrictive permissions, they get back on me. If I don't, I am afraid the network is considerably slows down and I think, some machines may be a compromised already unless the bandwidth is being used up by the users. How do I catch them accessing forbidden sites and how do I stop them from doing such and how do I make them with less capacity without them getting furious? 3. Though, I have setup and installed Mozilla Thunderbird and Firefox in each client PCs, most of them still use M$ Outlook and IE. How do I justify and convince them not to use this because of security loopholes and problems? Some are so used to Outlook and IE that they don't want change. Any suggestions, on how to make it less of a burden to administer this network of 12 clients would be appreciated. Thanks very much. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.3.92 (MingW32) - GPGshell v3.23 iD8DBQFBjjNBuG3YFhFblMkRAiXDAKDT0ywwBwfM7qi1VS5HOFPOi3LhkACg6eFg FR5U6VihJqU4Otz7bYyQh9s= =poMj -----END PGP SIGNATURE----- ===== Sincerely, Servie Platon __________________________________ Do you Yahoo!? Check out the new Yahoo! Front Page. www.yahoo.com _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Security and Audit Policy Servie Platon (Nov 27)
- Re: Security and Audit Policy R. DuFresne (Nov 27)
- Re: Security and Audit Policy gmx (Nov 27)
- Re: Security and Audit Policy Paul D. Robertson (Nov 27)