Security Basics mailing list archives

Re: Security Policy-Please help

From: "J. Lambrecht" <jl_post () pandora be>
Date: Thu, 7 Aug 2003 00:56:30 +0200

You don't seem to be completely in the dark on this.

Doesn't matter that much if the network is old or not. Read some
documentation on the hardening of computers and networks. No need to start
and crack away at passwords, even windows has some policy-tools on this.
There are library's out there as well wich enable you to enhance the
security of windows passwords. Sorry, can't remember the name, too long ago.

There's a free version of languard Languard and Ethereal to start with. Be
sure though you have sufficient priviliges to start using these tools. If
you're on a big network they're could be trouble if you're not authorised.
Also, this activity will show to others.

Greets,

Joris

----- Original Message ----- 
From: "Kampanellis Ioannis" <kampanellisI () antenna gr>
To: <security-basics () securityfocus com>
Sent: Wednesday, August 06, 2003 10:07 AM
Subject: Security Policy-Please help


Hi!

I pursue an MSc in System and Network Security and I am currently doing my
internship in a
media group (ieTV, Radio, WebSites etc).My "mission" is to write down a
security policy for
their network.

Basically I know where to start,meaning things such as Anti-Virus etc. The
problem is that their network is not totally new. They have PIX, Packet
Shapers, Anti Virus installed etc. That means that my "job" is getting even
more difficult cause I have to dig and find the details, which is not so
easy for a newbie in security :-(
Another problem is that their systems are based on Windows :-(

Any advices? Where could I start?

Having several thoughts, test the password cracking of the users could be a
good step(I assume). Is there any such tool?or does anyone know where Win2k
stores the password and how it is hashed?

Finally, I am trying to find a tool (freeware) to help me do the auditing
(eg run penetration tests etc) If anyone knows such tool, it woud be great?


Thnx in advance
John

---------------------------------------------------------------------------
----------------------------------------------------------------------------




---------------------------------------------------------------------------
----------------------------------------------------------------------------

Current thread:

Security Policy-Please help Kampanellis Ioannis (Aug 06)
- RE: Security Policy-Please help Kenneth W. Kubiak (Aug 06)
- Re: Security Policy-Please help Bennett Todd (Aug 06)
- Re: Security Policy-Please help J. Lambrecht (Aug 07)
- <Possible follow-ups>
- RE: Security Policy-Please help Jason Armstrong (Aug 06)
  - RE: Security Policy-Please help Jaymz Ringler (Aug 06)
    - RE: Security Policy-Please help kevin (Aug 12)
  - RE: Security Policy-Please help dmwidger (Aug 06)