Security Basics mailing list archives
Re: security in small business networks
From: krymson () gmail com
Date: 11 Sep 2006 14:34:36 -0000
A few more things you can check/do on your servers and workstations from a security standpoint (I assume you have some time available to do this stuff):

- Check for rogue admin accounts on the workstations or servers. Or at least check for a way to quickly dump this info from your systems when you're on site, such as with Hyena, Dameware, MBSA/Nessus may even do this for you, or a multitude of other scripts with less extraneous bells and whistles.

- Change your firewall and router passwords, change server local admin passwords, etc. Make password rotation a regular thing (every month up to every 6 months or so). I know some people will cry out about how 6 months is too long, but most small companies don't need to be overzealous.

- Since you're likely not on site all the time, you might end up troubleshooting week-old issues. At least on your servers, turn on auditing and set your event logs to use larger event logs. This way you can go back farther. You can Google Windows 2003/2000 Event Logs for more info on how to do that and what settings you can use.

- Manage patching using WSUS. I bet you have everything set to automatically update, though, so this might not be much of a benefit, but is still useful to learn, especially if you have extra servers or some room on a current server at a client site.

- Run MBSA or Nessus (NeWT for Windows) against systems when you're on site, just to get a lay of the land on how your systems look. Research the results and learn more about things you might be able to do. First do MBSA, as Nessus is a bit noisier. You might even be able to nmap the network just to gain information and get used to using nmap.

- Fully document the firewall rules at each site so that you or someone else can quickly see what is allowed and needs to be protected, and what may have changed since last you were there. Continuously log changes you make over time.

- I'll always point first to documentation and information when it comes to systems and security. Document the inventory if that is something you are even partially responsible for. Document naming standards for workstations and systems, accounts, services on servers, warranty information if necessary, etc. Get in the habit of always having good information nearby if this isn't already done. Network diagrams with IP blocks and assignments are also amazingly useful.

Forensics is a bit touchier of a subject. If a customer has an incident that is dangerous or critical enough to make you ask whether you should check into it or the FBI/Police, chances are you should first start with the FBI/Police. But if you find other smaller incidents like internal virus or spyware infections and the like, you can hone some forensics skills if you'd like. Find a way that works for you to image the system(s) affected, and work with that image. Document everything, keep artifacts (printouts or processes, files, access times, or even actual virus files [carefully!]), and then make yourself a report of cause, effects, and cleanup afterward. This is a start and at least gets you in the mindset of what it all entails. By this time, you may find you enjoy this a lot and have found your own resources on the net for more information.
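Added example, not part of the original message: one way to do the rogue-admin check from the first item against the account documentation from the last, by parsing saved `net localgroup Administrators` output per host and flagging any member that is not in the documented baseline. The host names, account names and baseline below are constructed, and English-language command output is assumed.

```python
"""Flag local Administrators members that are not in a documented baseline."""

# Constructed sample: `net localgroup Administrators` output saved from two hosts.
HEADER = ("Alias name     Administrators\n"
          "Comment        Administrators have complete and unrestricted access "
          "to the computer/domain\n\nMembers\n\n" + "-" * 79 + "\n")
FOOTER = "The command completed successfully.\n"
CAPTURES = {
    "WS01": HEADER + "Administrator\nEXAMPLE\\Domain Admins\n" + FOOTER,
    "SRV01": HEADER + "Administrator\nEXAMPLE\\Domain Admins\nsupport_tmp\n" + FOOTER,
}

# Constructed baseline: the admin accounts the site documentation says should exist.
BASELINE = {"Administrator", r"EXAMPLE\Domain Admins"}


def parse_members(output):
    """Return the member names listed after the dashed separator line."""
    lines = [ln.strip() for ln in output.splitlines()]
    sep = next((i for i, ln in enumerate(lines) if ln.startswith("-----")), None)
    if sep is None:
        # A capture without the separator is incomplete; do not report it as clean.
        raise ValueError("no member list found (truncated capture?)")
    # Drop blank lines and the status footer (English-language output assumed).
    return [ln for ln in lines[sep + 1:]
            if ln and not ln.lower().startswith("the command completed")]


def audit(captures, baseline):
    """Map host -> sorted members missing from the baseline (case-insensitive)."""
    allowed = {name.lower() for name in baseline}
    findings = {}
    for host, output in captures.items():
        extra = sorted(m for m in parse_members(output) if m.lower() not in allowed)
        if extra:
            findings[host] = extra
    return findings


if __name__ == "__main__":
    for host, extra in audit(CAPTURES, BASELINE).items():
        print(f"{host}: unexpected admin(s): {', '.join(extra)}")
```

Keeping each visit's captures next to the baseline also gives you a dated record of when an account first appeared.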