Security Basics mailing list archives

security concerns


From: Edmund <edmund () belfordhk com>
Date: Sat, 26 Jun 2004 11:31:16 +0800

Hi,

I've been monitoring this ML and have gleaned a
lot of very useful information that can help
me in maintaining the networks that I'm in
charge of.   I am, by no stretch of the word,
a security expert.  While I do know my way
around computers, I'm not what one would call
a certified network administrator.

I, however, have read some books and have
monitored a lot of sites and have come to
a screeching halt in terms of information
overload.

There's really TOO much stuff that I need to
be concerned with and too many issues that
I need to deal with that I'm starting to
feel overwhelmed by the whole thing.  I am
just a mere one-man IT department keeping
tabs on the network's integrity.

Not being educated in the computer industry
(I have taken a few computer courses during
my first in in university), I don't consider
my knowledge any bit helpful. (Modula-2 anyone?)

Can anyone impart some advice on how to maintain
network integrity while maintaining my own
sanity/wits?  Here's what I normally would
do:

1) Check list of vulnerabilities in most of
the important packages the servers use.

2) If vulnerabilities exist and a patch has
been done, I patch the system.

3) I monitor the firewall for any suspicious
activity. (This is not easy as by default I
suspect all incoming packets.)

4) Protect all Internet-capable systems with
the latest patches and AV products.  So far,
I haven't found a reason to put AT programs
on the systems.

But despite my attempts at securing workstations,
they find it very inconvenient not to have
scripting enabled.  What can I do?

Any help very much appreciated.

Edmund

