Posted by Rob McShinsky on October 19, 2005, 2:35 pm
After a recent virus problem at our establishment and some considerable
downtime for some major systems, our management has decided to go the way of
the IBM commercial. Throw money at the problem. We have been charged with
finding the security products that will help protect our environment. They
have assigned some arbitrary dollar amount and have said they want a
decision on what to buy in 30 days. That ought to give us plenty of time to
evaluate multiple vendors' security products...ya right. Got to love
management. Anyway, instead of just searching out there blindly, I thought I
would see what you might suggest. We are looking for Network level, server
and client level security products. Some info about our environment is
below:
5500 Workstations (Windows NT - XP)
250 Servers (Windows, Unix, VMS, Linux)
6500 Users
Many sites (Slowest WAN link is a T1)
Mostly Cisco Switches, Routers, Access Points
Items Already Invested In: (Landesk, WSUS, LanGuard, Checkpoint Firewall,
Symantec Corporate edition)
Items we are looking at or evaluated (Sygate, StealthWatch)
Any Thoughts?
|
Posted by Chris Weber [Security MVP] on October 19, 2005, 12:55 pm
You should start by categorizing the assets you are trying to protect, in
terms of 1) data and 2) system resources. Where are the databases? Where
are your resources such as perimeter VPNs, internal domain controllers? By
putting this question out there, you make me want to sit down with you for
about an hour or two to hash out exactly where you are in terms of security
controls, and where you need to be.
You need authentication controls, network controls, application controls,
etc. Is A/V your only concern here? It doesn't look like it from the two
products you are currently evaluating.
Security is mostly human, partly technology, so you may need to tell
management to hire an extra brain or two, or get some consultants in there
to help you figure out a plan.
--
Chris Weber
Security MVP
|
Posted by Steven L Umbach on October 21, 2005, 10:36 am
How about training and awareness investment?? You already seem to have some
pretty good tools. If you have not read the Threats and Countermeasures
Guide and the Antivirus in Depth Guide those are places to start and free.
For minimum investment buy the Windows Security Resource Kit second edition
and Protect Your Windows Network: From Perimeter to Data.
http://www.microsoft.com/technet/security/default.mspx
http://www.bookpool.com/sm/0735621748
http://www.bookpool.com/sm/0321336437
Review practices such as enforcing complex passwords, how often passwords
are changed including local administrator accounts, not allowing domain
administrators to log on to domain computers that are not known to be secure,
reviewing who is in the administrator groups for the domain and if they are
needed, capable, and disciplined, banning internet browsing and email
checking on servers, restricting who can log on to a server and auditing
such, not sharing user accounts, etc.
Some of the best tools are free. Microsoft Baseline Security Analyzer can be
used to check for basic vulnerabilities, Group Policy can be used to enforce
computer configuration including security settings, user rights, NTFS
permissions, and services. On XP Pro and Windows 2003 computers Software
Restriction Policies can be implemented which are very effective at
restricting what can be run on the computer including malware. IPsec is a
very powerful tool in securing the domain and MS has a white paper on using
it for "domain isolation". IPsec can prevent computers from accessing a
server if it cannot authenticate with the computer first. If done right
this can help immensely. IPsec however takes planning and testing to make
sure everything works right and there are special needs for domain
controllers. The link below is to that white paper. Another investment worth
doing would be to consider implementing smart cards for all domain level
administrator accounts and require that they be used in security policy. You
would only need to install smart card readers on domain computers they need
to log on to.
--- Steve
http://www.microsoft.com/technet/security/topics/architectureanddesign/ipsec/default.mspx --- ipsec isolation
|
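Two of the practices listed in Steven L Umbach's post above (domain administrators logging on only to computers known to be secure, and restricting and auditing who logs on to a server) can be checked against exported logon records. The following is an added example, not part of the thread; the account names, host names, allow lists and the four-column export format are all constructed assumptions.

```python
import csv
import io

# Hypothetical inventories, lower-cased because Windows names are case-insensitive.
DOMAIN_ADMINS = {"corp\\da-alice", "corp\\da-bob"}
SECURE_ADMIN_HOSTS = {"dc01", "dc02", "adminws01"}  # hosts known to be secure
SERVER_LOGON_ALLOWED = {"file01": {"corp\\op-carol"}}  # per-server allow lists

# Logon types that place a user session on the box: 2 = interactive, 10 = RDP.
SESSION_LOGON_TYPES = {"2", "10"}

# Constructed sample export: time,host,account,logon_type
SAMPLE_LOG = """\
2005-10-19T08:01:00,DC01,CORP\\da-alice,2
2005-10-19T08:15:00,WKS1234,CORP\\da-bob,2
2005-10-19T09:00:00,FILE01,CORP\\op-carol,10
2005-10-19T09:30:00,FILE01,CORP\\jsmith,2
2005-10-19T09:45:00,FILE01,CORP\\jsmith,3
"""


def audit_logons(log_text):
    """Return (rule, time, host, account) for each logon that breaks a rule."""
    findings = []
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 4:
            continue  # skip blank or malformed lines
        time, host, account, logon_type = (field.strip() for field in row)
        host, account = host.lower(), account.lower()
        if logon_type not in SESSION_LOGON_TYPES:
            continue  # network (type 3) and other logon types are out of scope
        # Rule 1: domain admins only log on to hosts known to be secure.
        if account in DOMAIN_ADMINS and host not in SECURE_ADMIN_HOSTS:
            findings.append(("admin-on-untrusted-host", time, host, account))
        # Rule 2: a server with an allow list accepts sessions only from it.
        allowed = SERVER_LOGON_ALLOWED.get(host)
        if allowed is not None and account not in allowed:
            findings.append(("unapproved-server-logon", time, host, account))
    return findings


if __name__ == "__main__":
    for finding in audit_logons(SAMPLE_LOG):
        print(*finding)
```
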
Posted by Roger Abell [MVP] on October 26, 2005, 11:18 pm
Please do not misunderstand this, but the issue sounds to be
misunderstood by management. They should be investing in
their people and on-staff skillset and time to use it as they know
best to do. Buying anything is useless if unused/misused, and,
as Steve indicates, there is very much that can be done just by
configuring what MS delivers (technology and guidance/practices)
particularly when combined with user awareness (user training)
and policy (advertisement and enforcement).
Let me say this again, succinctly, just in case you want a quote
for your management. The investment should be in the IT people,
their skills, and their time to do things well; and some also should
be in making a corporate policy known that is enforced and that
does encourage appropriate user actions.
--
Roger Abell
Microsoft MVP (Windows Server : Security)
MCDBA, MCSE W2k3+W2k+Nt4