On 02/07/03 13:04 -0700, Chris Berry wrote:
From: Paul Hawkinson [EMAIL PROTECTED]
Chris didn't mention that he was talking about the AVG free edition. We
are running AVG on our servers and workstations. It is really a great
piece of antivirus software.
That part must have gotten snipped
on the shareware
concept :)
cheers-
lx:)
-Original Message-
From: Paul Hawkinson [mailto:[EMAIL PROTECTED]
Sent: 26 June 2003 21:31
To: [EMAIL PROTECTED]
Subject: Re: Oh Dear, Where to start?!
Chris,
What do you mean when you say ;
There are a number of free scanners, but nearly all
From: Paul Hawkinson [EMAIL PROTECTED]
Chris,
What do you mean when you say ;
There are a number of free scanners, but nearly all of them
(including AVG) are not legal to run in a networked environment
I wasn't aware that it was Illegal to run AVG in a networked
environment. What do you mean by
Then, start on policies that help with passwords on post-its and such,
you could certainly start that step off in parallel with the firewalling
issue. I always had fun Post-It hunting in my office(s). Each
Post-It costs $50 for a return.
Use the $50 fees to fund purchases of equipment and
NOT BE INSTALLED IN ANY NETWORKED ENVIRONMENT!
NO TECHNICAL SUPPORT IS AVAILABLE WITH AVG 6.0 Free Edition.
-Original Message-
From: Paul Hawkinson [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 26, 2003 3:31 PM
To: [EMAIL PROTECTED]
Subject: Re: Oh Dear, Where to start?!
In-Reply-To: [EMAIL
From: Paul Hawkinson [mailto:[EMAIL PROTECTED]
Sent: Friday, 27 June 2003 06:31
To: [EMAIL PROTECTED]
Subject: Re: Oh Dear, Where to start?!
In-Reply-To: [EMAIL PROTECTED]
Chris,
What do you mean when you say ;
There are a number of free scanners, but nearly all
: 26 June 2003 21:31
To: [EMAIL PROTECTED]
Subject: Re: Oh Dear, Where to start?!
Chris,
What do you mean when you say ;
There are a number of free scanners, but nearly all of them
(including AVG) are not legal to run in a networked environment
I wasn't aware that it was Illegal to run
Tony,
You right. I was just not really expecting him to go out and do
it like that! I was just not getting into detail (' I know it's
not very detailed, and lacks in more specific info;'), just pointing in
the direction I would go.
Careful analysis is ALWAYS necessary! If not, you'll find just
I would have to bring up the point that depending on
what type of Government office your working for they
are probably governed the Department of Commerce. The
Department of Commerce created NIST, for the purpose
of dealing with IT and IT security, as well as other
matters. You will find approved
Alex and Steve,
I would not do what Alex recommends. You cannot go in like a commando and
start changing everyone os, desktop configuration, apply dhcp/dns, without
doing an impact analysis on current application and LAN connectivity
requirements the current users have. The last thing you want
Hi steve and all,
Some kind of security countermeasures dont require any budget, for
example saying people not to write down their passwords instead of their
minds.
I think, you first have to develop a basic outline of a security policy. Set
up a budget, and propose it to the management.
: [64.60.95.218]
X-Originating-Email: [EMAIL PROTECTED]
From: Chris Berry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: Oh Dear, Where to start?!
Date: Wed, 25 Jun 2003 12:47:36 -0700
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-ID: [EMAIL PROTECTED]
X-OriginalArrivalTime: 25
Steve,
I would start with looking at ISO17799.
Jessica
-Original Message-
From: Steve Frank [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 25, 2003 4:56 AM
To: [EMAIL PROTECTED]
Subject: Oh Dear, Where to start?!
Hey everyone,
Ok... I am in a bit of a jam here and I was hoping to
So basically, if you had to start from nothing, where
would you start first?
A good place to start would be
http://www.sans.org/resources/policies/
Has policy information, links, and sample policies...
wouldnt be so bad normally I guess, but there is
virtually no budget allocated to help
Why not start with a risk analysis and find out what are business critical
devices, applications and servers. Assign each identified device a priority
number. This should become your roadmap. This is obviously a very high level
approach. But it's a start in the right direction.
-Sanjay
In-Reply-To: [EMAIL PROTECTED]
Okay wow,
Sounds like your in a mess of trouble...
For policies, I recommend reading http://www.sans.org/resources/policies/
this will give you a great start.. this is what most of my policies are
based off, and I've yet to run into any trouble with them.
Next,
First point Steve is that this is going to take a lot longer than three
months to do. You have to change a culture and this is the biggest problem.
OK, the first point is to set the wheels in motion to make a security policy
that states that anyone breaching you security policy will be
On Wednesday 25 June 2003 06:55 am, Steve Frank wrote:
-snip
What I need advice on is the following: If you were
introduced to a mixed network (literally all versions
of windows since 3.1 and mac systems) that have no
updates, backups, or patches installed...
Here are my 2 cents:
Have a basic plan. It will have to be reworked over and over but don't bite off more
than you can chew. Have meaningful goals and attainable objectives.
Get support! You will need upper-level support to approve and support your seemingly
never ending stream of changes and
From: Steve Frank [EMAIL PROTECTED]
Hey everyone,
Ok... I am in a bit of a jam here and I was hoping to
get some feedback from some of you with appropriate
experience in the field of network security and policy
development.
I am an senior at RIT studying (essentially) systems
administration. My
Greetings,
Well, I've been in your situation. And it should not be a very
difficult task. First of all you want to know what kind of level of
Security your Org need.
First i'll check the Ciritical applications..
- Are they in a DMZ
- Are they securely configured and installed.
- Do a Backup
On Wed, Jun 25, 2003 at 04:55:46AM -0700, Steve Frank wrote:
Hey everyone,
Ok... I am in a bit of a jam here and I was hoping to get some feedback
from some of you with appropriate experience in the field of network
security and policy development.
ok.
I am an senior at RIT studying
So basically, if you had to start from nothing, where
would you start first? What would you consider to be
the most important things to be implemented? I am
literally working from ground zero here... heh!
Ahhh... the joys of being a sysadmin :-)
If I were you, I'd first of all put a lock on
Most organizations have many security policies (User ID and Password,
Extranet, Firewall) But there should be one high level policy that
basically states that information security is important to the company
and assigns responsibility of security to certain group(s). This high
level policy
If I were start on this assignment, I would do the following.
1. Write up a risk assessment
2. Develop a plan of action documents based on templates from SANS website
3. Develop a good working relationship with someone in the senior management and
get their buy-in on this. (You
25 matches
Mail list logo
