Common Security Practices

Thread: Common Security Practices

  1. #1
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,188

    Common Security Practices

    Just curious as to what the AO members do to try to make sure their networks are not the 'low hanging fruit', as it were.

    Some things I do [externally]:

    Change default ports for services like SSH, and key-based authentication... Also user allow lists.
    Make sure that only services that are absolutely necessary are running.
    nmap scans against our IP range to look for anything open that shouldn't be.
    XSS/SQL injection testing against our webservers.
    Keep patches up to date. [of course]

    These are all pretty basic. I am looking for other ideas to harden our perimeter. Feel free to offer suggestions for securing the internal network as well. Don't want the 'Skittle' type network.
    "Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink."

    -HST
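
Added example, not part of the original post: one way to automate the "nmap scans against our IP range" check from the list above is to compare grepable scan output against a baseline of services each address is supposed to expose. The sample output, the addresses, the host name and the `EXPECTED` baseline are all constructed for illustration.

```python
import re

# Constructed sample of `nmap -oG -` output (documentation-range addresses).
SAMPLE_GREPABLE = """\
# Nmap scan initiated (constructed sample)
Host: 192.0.2.2 (gw.example.org)\tStatus: Up
Host: 192.0.2.2 (gw.example.org)\tPorts: 2222/open/tcp//ssh///, 443/open/tcp//https///\tIgnored State: filtered (998)
Host: 192.0.2.3 ()\tPorts: 80/open/tcp//http///, 3389/open/tcp//ms-wbt-server///, 25/closed/tcp//smtp///
Host: 192.0.2.5 ()\tPorts: 161/open|filtered/udp//snmp///
"""

# Hypothetical baseline: the only services each external address should expose.
EXPECTED = {
    "192.0.2.2": {(2222, "tcp"), (443, "tcp")},
    "192.0.2.3": {(80, "tcp")},
}

# One entry in the Ports: field looks like port/state/protocol/owner/service/...
PORT_ENTRY = re.compile(r"(\d+)/([a-z|]+)/(tcp|udp|sctp)/")


def parse_exposed(grepable_text):
    """Yield (host, port, proto, state) for every port not reported closed or filtered."""
    for line in grepable_text.splitlines():
        if not line.startswith("Host:"):
            continue  # comment lines start with '#'
        fields = line.split("\t")
        host = fields[0].split()[1]
        for field in fields[1:]:
            if not field.startswith("Ports:"):
                continue
            for port, state, proto in PORT_ENTRY.findall(field):
                # "open|filtered" (common for UDP) is kept: nmap could not rule it out.
                if state.startswith("open"):
                    yield host, int(port), proto, state


def unexpected_exposure(grepable_text, expected):
    """Return sorted findings that are absent from the baseline for their host."""
    findings = [
        (host, port, proto, state)
        for host, port, proto, state in parse_exposed(grepable_text)
        if (port, proto) not in expected.get(host, set())
    ]
    return sorted(findings)


if __name__ == "__main__":
    for host, port, proto, state in unexpected_exposure(SAMPLE_GREPABLE, EXPECTED):
        print(f"UNEXPECTED {host} {port}/{proto} ({state})")
```

A host that is missing from the baseline has every open port reported, so a newly connected device shows up as well as a new service on a known one.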

  2. #2
    Senior Member wiskic10_4's Avatar
    Join Date
    Jan 2004
    Location
    Corpus Christi, TX
    Posts
    254
    Hardening your perimeter is all well and good, but I think that most network disasters start from within. What are your user policy settings?

    Do you control what sites your users can and cannot access? How so? Are they able to install anything they want? Or do you have them locked out of everything except their My Documents folder, unable to make changes to the registry? How are updates and patches administered?

    Describe your network - what is your setup, what is the nature of your business, and what do users need to be able to do?

    Answer those questions, and we'll get your network sealed up tighter than a dolphin's a$$h0l3.
    My Corner of the Intarwebz: Jeremy Dean Online

  3. #3
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,188
    I work for a school district. There are a wide variety of things that teachers/students/administrators [like principals, superintendents, etc] need to get to online. We have a content filter that lets us set the level of filtering by user group, OU, IP, etc.

    We have the 'Run only allowed Windows Executables' policy set for students. Teachers have a little more freedom, but I do disallow any executables running from %temp%, %tmp%, and c:\windows\temp. No one runs as a local admin. So teachers do not have write access to 'Program Files'. I also lock down the outbound traffic at the firewall.

    We assign addresses using MAC reservations in DHCP. Physical jacks are by default inactive [not patched into the switches], until needed.

    I am constantly sending out reminders about phishing attacks, trojans etc. Every time I get one, I doctor it up, and send it out as an example. Not sure how much it is sinking in, but I figure it can't hurt.

    The biggest problem I can see internally is that we are running a flat Class A network, but that is going to change this summer once school lets out.
    "Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink."

    -HST

  4. #4
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,188
    Oh, and of course, we use different passwords for all of the servers.
    "Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink."

    -HST

  5. #5
    HYBR|D
    Guest

    basic rundown

    all users have locked down accounts. ( Including the higher ups )

    the machines boot from an image file. ( As soon as the machine restarts or shuts down it loads a default OS )

    users are limited to what they can and cannot run on their workstation and what can and cannot connect to the interwebz.

    the apps on the safe filter list have read/write access only

    before the workstations are released to the users, access to USB, CD-ROM, etc. is disabled or removed.
