Hi Chris,
Everything that has been mentioned is all good, covers some of the basic things that should be addressed, regardless of the environment. But with legal/policy type questions, and even some of the more procedural and technical ways of implementing policy, no one can answer them in a way that is applicable to your situation. Step back, and consider what you are doing -- what are you trying to protect? Define what your company's critical assets are. Who and what are you trying to protect against? What are their capabilities? What are your team's capabilities/strengths/weaknesses? This must be answered in order to design a proper defensive strategy. Might also be a good idea to look into asset management? Does your corporation even know what they have within their datacenters? What software is installed? Patch levels? Once your assets have been identified, perform a gap analysis -- audit the enviornment against industry 'best practices' and look for some of the things that you mentioned earlier (MAC port lock in, turning off unused simple services, etc.). Then work on developing hardening standards and documentation that apply to your specific environment. Turning off services and fixing OS level problems isn't the end all and be all of security -- for example, take a look at the applications you have installed within your environment.. have they been implemented correctly? Are the default permissions in excess of what they should be? Does the application require access to privileged functions? Is it publicly accessible and has been chroot()'d? What is necessary for the chroot() to function? These are things a mailing list simply cannot answer. ttyl, _________________________________________ John Daniele Technical Security & Intelligence Toronto, ON Voice: (416) 605-2041 E-mail: [EMAIL PROTECTED] Web: http://www.tsintel.com
