Thank you, everyone, for your input! Very valuable feedback, great ideas, great 
contributions. 

I anticipate starting the major efforts on this early next year, and look 
forward to getting a live document going on this which can be shared and used 
collectively. 


Andy | oxbeef




________________________________
 From: Arch Angel <[email protected]>
To: [email protected] 
Sent: Monday, December 3, 2012 6:59 PM
Subject: Re: [Pauldotcom] IT Security Topics for Small Business
 

Andy,

I would like to commend you on this thread, and I hope you compile
the list to share with others.  I think a wonderful project would
be for the community to pull together and compile either an open
documentation project or a baseline of guidelines with helpful links
and suggestions such as this.

With that being said...

I would also consider Disaster Recovery (DR) as well. I know it is
not directly security related, but the off-site data and/or data
in transit is vital and should be considered, in my opinion.

All the previous mentions are spot on and well recommended!

While others have mentioned areas of interest, I would like to
throw out some vendors/solutions I think would be helpful to small
businesses with a limited budget but must comply or simply have
better security.

1. Security Awareness and High Level Training
    1. Community could come together and build this training and share it
2. Email Etiquette, Email Threats, and Email Security
    1. Consider US-CERT Alerts, or other notifications
    2. Community could also come together and build an Email
       Etiquette/training program and share it
3. Network and System Vulnerability Scanning/Patching
    1. OpenVAS
    2. Nessus
4. Network Security (Firewalls)
    1. pfSense
    2. Smoothwall
    3. Monowall
    4. Linux w/iptables
5. Backups and Backup Security
    1. CloneZilla (budget purposes)
6. Wireless and WiFi Security
    1. Alpha cards, with Kismet
        1. Save files as XML, then parse and dump into a database for
           recall later
7. System Security, AV/HIPS
    1. OSSEC
    2. Microsoft Security Essentials or Microsoft Forefront
8. Sensitive Information and Applicable Laws, Regulations, and
   Compliance Requirements
    1. The community could come together and build a list of useful links,
       compliance information, etc.

I know this may not be as helpful as others, but I hope it helps a little.

- Robert
(arch3angel)

On 12/2/12 10:57 AM, TheTolik wrote:

>I am working on creating a guide to IT Security to help companies without or 
>with a minimal IT budget protect themselves and their customers, and am looking 
>for the community's input into the topics that should be discussed.
>
>
>I also see a lot of value in including recommendations for applicable 
>tools/technologies that are easily accessible, easy to use, and yet effective, 
>with strong affinity towards open source, and therefore would be very 
>appreciative for input on per-topic basis. 
>
>
>So far in regards to the topics, I have (In no particular order)
>
>
>- Security Awareness and High Level Training
>- Account Management / Password Management / Local Admin Rights
>- Email Etiquette, Email Threats, and Email Security
>- Network and System Vulnerability Scanning/Patching
>- Network Security (Firewalls)
>- Backups and Backup Security
>- Wireless and WiFi Security
>- System Security, AV/HIPS
>- Website Security and Web/Application Security Testing
>- Sensitive Information and Applicable Laws, Regulations, and Compliance 
>Requirements
>
>
>Any valuable input would be greatly appreciated. 
>
>
>Thanks,
>
>
>Andy | oxbeef
>
>
>_______________________________________________
Pauldotcom mailing list [email protected] 
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com