Re: Information Security

[Matthew Webster <awakenings () mindspring com>]

CHarles,

    Change Management is very important.  The big news for hardening servers / workstations and soon network devices, 
databases etc. is the Federal Desktop Core Configuration (FDCC) being designed from NIST.  Read up on that, but that is 
going to be the top dog for securing systems.  There are a few products that offer configuration management out there 
for the FDCC.  Good luck!

Matt

-----Original Message-----
> From: Charles Hardin <fonestorm () gmail com>
> Sent: Dec 13, 2007 8:03 PM
> To: security-basics () securityfocus com
> Cc: pen-test () securityfocus com, wifisec () securityfocus com
> Subject: Information Security
>
> A few months ago I joined a medium sized company as a systems admin.
> The company's prior IT team did little in the forms of maintenance and
> nothing in the form of security. I come from an administration
> background but only common sense when it comes to decent security.
> There are shared domain admin passwords, shared user logons and many
> users have local admin on their pcs. I know best practice is to
> separate the admins from the security team but this company views IT
> as a necessary evil, ie theres 4 IT techs for 7 sites and around 500
> pc users spread across the sites, all techs being at corporate. These
> issues are being addressed but what I would like to know from the
> community is the following:
>
> Id like to assemble a toolkit both for gaining security control and
> then maintaining it. Also pointers as to best practices and the like
> would be most appreciated.
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Need to secure your web apps NOW?
> Cenzic finds more, "real" vulnerabilities fast.
> Click to try it, buy it or download a solution FREE today!
>
> http://www.cenzic.com/downloads
> ------------------------------------------------------------------------