Security Basics mailing list archives
RE: Small business IT security
From: "Brian J. Bartlett" <security () navyonline us>
Date: Tue, 14 Nov 2006 14:53:05 -0800
Jonathan: While I was serving in the US Navy, this was something we had to deal with all the time and you can imagine that we were deeply concerned with infosec. As a field engineer that would require on-site access at the administrative level, the policy was that I would have a separate administrative account at whatever level was required with a password known only to me. When I left the site, the account would be deactivated. This worked out to be the best of all *possible* worlds for we roving field engineers since we knew what our on-site password was (we shared one) yet it was unknown by site personnel and the account was only active while we were on-site. If off-site access over the internet or dial-up access is required that opens up other issues which can be discussed. [Actually, if I was on-site, there wasn't a d--- thing you could do to stop me from taking your network, but we will ignore that issue for now. My toolsets have always been that good. Remember this dictum, without physical security, you have no security.] -Bri "The most deadly words for an engineer: 'I have an idea.'" -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of jonathan () gatewaysa com Sent: Saturday, November 11, 2006 2:30 PM To: security-basics () securityfocus com Subject: Small business IT security Hi I dont know if this is the correct place to post this. I am doing some work for a small company with around 80 pc's. They dont have any inhouse IT staff and use an out side little computer dealer for all their work. These guyse look after everything from the pc's to the servers to the network. They obviously have all the admin passwords etc and if somehting needs to be repaired they take it to their workshop where one of the technicians will repair it. This It shop also does work for one of the competitors as well as a few customers. I know all the security risks but short of hiring someone in house what else could be done to ensure they Information Security. Thanks Jonathan --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus --------------------------------------------------------------------------- --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- Small business IT security jonathan (Nov 14)
- RE: Small business IT security Marc (Nov 15)
- Re: Small business IT security Matthew J. Coffman (Nov 15)
- Re: Small business IT security Colin Copley (Nov 15)
- RE: Small business IT security Brian J. Bartlett (Nov 15)
- Re: Small business IT security Christian Simatos (Nov 15)
- Re: Small business IT security Dave Ockwell-Jenner (Nov 15)
- <Possible follow-ups>
- Re: Small business IT security krymson (Nov 15)
- Re: Small business IT security red . bull . x (Nov 15)
- Re: Small business IT security bitshield (Nov 15)
- Re: Small business IT security jonathan (Nov 17)
- RE: Small business IT security Marc (Nov 15)