Re: Proxy server hit... Any ideas?

[Etaoin Shrdlu <shrdlu () deaddrop org>]

Mike Cain wrote:
> Yeah, the box came to me basically because the guy above me doesn't have
> a clue about NT or about ANY security... Bad timing I guess or good
> depending on how you look at it... I have just got back from meeting
> with management to suggest some policies, now they want me to write an
> IT policies handbook, guess I asked for that one huh? :)
>
> So where should I start looking for de-facto policies, and such? Or
> should I just use my best judgment? I'm thinking the latter is a bad
> idea because if one doesn't pan out, then they say, "Well... YOU wrote
> them..." :)
>
> Again, thanks SO MUCH for all the responses. Groups like this make
> learning the security scene A LOT less painful.

There is a small, but useful book that you can purchase for a nominal sum
from the SAGE portion of usenix.  I truly recommend it.

http://sageweb.sage.org/resources/publications/short_topics.html

It is short topics #2, entitled "A Guide to Developing Computing Policy
Documents." I also recommend (for this group) the short topics booklets on
"#6: A System Administrator's Guide to Auditing," and "#3: System Security:
A Management Perspective," which are also useful to anyone in the security
industry, regardless of experience level.

--
Only the mediocre are always at their best.
                Jean Giraudoux

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com