-
April 2nd, 2010, 07:35 AM
#1
Common Security Practices
Just curious as to what the AO members do to try to make sure their networks are not the 'low hanging fruit', as it were.
Some things I do [externally]:
Change default ports for services like SSH, and key based authentication... Also user allow lists.
Make sure that only services that are absolutely necessary are running.
nmap scans against our IP range to look for anything open that shouldn't be.
XSS/SQL injection testing against our webservers.
Keep patches up to date. [of course]
These are all pretty basic. I am looking for other ideas to harden our perimeter. Feel free to offer suggestions for securing the internal network as well. Don't want the 'Skittle' type network.
"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink."
-HST
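Added example (not part of the original post): a small audit of an `sshd_config` for the three SSH measures listed above: a non-default port, key-only logins, and a user allow list. The function names and both sample configs are constructed for illustration; the check reads only global-scope lines and does not follow `Include` files or `Match` blocks.

```python
import re

# Keywords sshd accumulates across lines; for the others the first value wins.
MULTI = {"port", "allowusers", "allowgroups"}

def effective_settings(config_text):
    """Global-scope settings as sshd resolves them (keywords are case-insensitive)."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) < 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            break  # Match blocks are conditional; this audit covers global scope only
        if key in MULTI:
            settings.setdefault(key, []).extend(value.split())
        else:
            settings.setdefault(key, value)  # a later duplicate is ignored by sshd
    return settings

def audit(config_text):
    """Return findings for the three measures: port, key-only auth, allow list."""
    s = effective_settings(config_text)
    findings = []
    if "22" in s.get("port", ["22"]):  # unset Port means the default, 22
        findings.append("listening on default port 22")
    if s.get("passwordauthentication", "yes").lower() != "no":
        findings.append("password logins still accepted")
    if s.get("pubkeyauthentication", "yes").lower() != "yes":
        findings.append("key-based authentication disabled")
    if not (s.get("allowusers") or s.get("allowgroups")):
        findings.append("no AllowUsers/AllowGroups allow list")
    return findings

# Constructed samples (not from the thread). WEAK looks fixed at the bottom,
# but the earlier "yes" is the value sshd keeps.
WEAK = "PasswordAuthentication yes\nPort 22\nPasswordAuthentication no\n"
HARDENED = "Port 2222\nPasswordAuthentication no\nPubkeyAuthentication yes\nAllowUsers alice bob\n"

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(cfg) or "ok")
```

On a live host, `sshd -T` prints the configuration sshd actually resolved, which also covers included files.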
-
April 2nd, 2010, 03:47 PM
#2
-
April 2nd, 2010, 06:55 PM
#3
I work for a school district. There are a wide variety of things that teachers/students/administrators [like principals, superintendents, etc] need to get to online. We have a content filter that lets us set the level of filtering by usergroup, ou, ip, etc.
We have the 'Run only allowed Windows Executables' policy set for students. Teachers have a little more freedom, but I do disallow any executables running from %temp%, %tmp%, and c:\windows\temp. No one runs as a local admin. So teachers do not have write access to 'Program Files'. I also lock down the outbound traffic at the firewall.
We assign addresses using MAC reservations in DHCP. Physical jacks are by default inactive [not patched into the switches], until needed.
I am constantly sending out reminders about phishing attacks, trojans etc. Every time I get one, I doctor it up, and send it out as an example. Not sure how much it is sinking in, but I figure it can't hurt.
The biggest problem I can see internally is that we are running a flat Class A network, but that is going to change this summer once school lets out.
"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink."
-HST
-
April 5th, 2010, 08:48 PM
#4
Oh, and of course, we use different passwords for all of the servers.
"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink."
-HST
-
April 6th, 2010, 01:07 AM
#5
basic rundown
all users have locked down accounts. ( Including the higher ups )
the machines boot from an image file. ( As soon as the machine restarts or shuts down it loads a default OS )
users are limited to what they can and cannot run on their workstation and what can and cannot connect to the interwebz.
the apps on the safe filter list have read/write access only
before the workstations are released to the users access to usb cdrom etc are disabled or removed.