Andy,
I would like to commend you on this thread, and I hope you compile the
list to share with others. I think a wonderful project would be for the
community to pull together and compile either an open documentation
project or baseline of guidelines with helpful links and suggestions
such as this.
With that being said...
I would also consider Disaster Recovery (DR) as well, I know it is not
directly security related but the off-site data, and/or data in transit
is vital; should be considered in my opinion.
All the previous mentions are spot on and well recommended!
While others have mentioned areas of interest I would like to throw out
some vendors/solutions I think would be helpful to small businesses with
a limited budget but must comply or simply have better security.
1. Security Awareness and High Level Training
1. Community could come together and build this training and share it
2. Email Etiquette, Email Threats, and Email Security
1. Consider US-CERT Alerts, or other notifications
2. Community could also come together and build an Email
Etiquette/training program and share it
3. Network and System Vulnerability Scanning/Patching
1. OpenVAS
2. Nessus
4. Network Security (Firewalls)
1. pfSense
2. Smoothwall
3. Monowall
4. Linux w/iptables
5. Backups and Backup Security
1. CloneZilla (budget purposes)
6. Wireless and WiFi Security
1. Alpha cards, with Kismet
1. Save files as XML, then parse and dump into a database for
recall later
7. System Security, AV/HIPS
1. OSSEC
2. Microsoft Security Essentials or Microsoft Forefront
8. Sensitive Information and Applicable Laws, Regulations, and
Compliance Requirements
1. The community could come together and build a list of useful
links compliance information, etc.
I know this may not be as helpful as others, but I hope it helps a little.
- Robert
(arch3angel)
On 12/2/12 10:57 AM, TheTolik wrote:
I am working on creating a guide to IT Security to help companies
without or with a minimal IT budget protect themselves and their
customers, and am looking for community's input into the topics that
should be discussed.
I also see a lot of value in including recommendations for applicable
tools/technologies that are easily accessible, easy to use, and yet
effective, with strong affinity towards open source, and therefore
would be very appreciative for input on per-topic basis.
So far in regards to the topics, I have (In no particular order)
- Security Awareness and High Level Training
- Account Management / Password Management / Local Admin Rights
- Email Etiqute, Email Threats, and Email Security
- Network and System Vulnerability Scanning/Patching
- Network Security (Firewalls)
- Backups and Backup Security
- Wireless and WiFi Security
- System Security, AV/HIPS
- Website Security and Web/Application Security Testing
- Sensitive Information and Applicable Laws, Regulations, and
Compliance Requirements
Any valuable input would be greatly appreciated.
Thanks,
Andy | oxbeef
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
