Printable View
found this: http://www.sawmill.net
you may also consider a syslog daemon : http://www.kiwisyslog.com/products.htm#sysloggen to concentrate all logs in one point
I have no exp on those--- i use to scan my logs by my own - (some vb+scripts+php+cobol stuff). if you like programming, you can try :P
Angelic:
Please feel free to show this to your boss.
I believe that as a financial institution your company falls under Sarbanes-Oxley -
Some of the security questions are answered here
Of particular note is the following:-
Also, from here comes:-Quote:
Q: What do you see as the most direct tie between Sarbanes-Oxley and an organization's security program?
A: There are several links between Sarbanes-Oxley requirements and a company's security program. They include: ensuring appropriate awareness of company security policies and commitment by management; designing and implementing appropriate security controls; and documenting and auditing security policies, and making sure they are understood by management and end users.
Ever considered a risk assessment? Has your boss? Would your boss think that a risk assessment would be a prudent thing to do? It's mandated under Sarbanes-Oxley.Quote:
Yet in the law there is a provision mandating that CEOs and CFOs attest to their companies' having proper "internal controls." It's hard to sign off on the validity of data if the systems maintaining it aren't secure. "It's the IT systems that keep the books," Saidman said. "If systems aren't secure, then internal controls are not going to be too good."
If he doesn't can you please give the name of your company and any other company names or subsidiaries your company may operate under so that I might avoid ever doing business with them in the future.... Thank you.... ;)
[Edit]
Angelic and Caca:
I have a tutorial here on the implementation of a cost effective system.
[/Edit]
"I don’t think that worrying about an employee getting burglarized is that big of a risk."
That's the official word.
See what I'm dealing with guys?! He suggested password protecting the tapes we bring home, so I guess I'll have to look into that...
Man, next time you write wrong my nick AGAIN i will hunt you down ! :ubergun:Quote:
Angelic and Caca
Sarbanes Oxley is one federal regulated body that may be mandated under your current employer. Usually SOX is only required of those companies that have public stockholders. If this is not the case then I would recommend reviewing the GLB Act. If your company holds any personal information (which most financial institutions do) about thier clients, then this document may help solidify your position, GLB Act Section 501-504 specifically.
All the suggestions here are right on and would meet your requirements based on the GLB Act. I just finished up an external audit and having these pieces in place went a long way to making the auditors happy.
Good Luck
I know how you feel. Getting money out of my company is like getting blood out of a rock. They are willing to buy stuff once something has happened though. I live is southern california and when the fires got going last year (to within 4-5 miles of the office) the CFO was finally coaxed into buying some more stuff for us.Quote:
Originally posted here by AngelicKnight
"I don’t think that worrying about an employee getting burglarized is that big of a risk."
That's the official word.
See what I'm dealing with guys?! He suggested password protecting the tapes we bring home, so I guess I'll have to look into that...
What about the DVD's? They can be played in any $20 DVD player. What if one of your houses burns down? (Then you are without the backups) I know the "what if" situation may not be the best way to approach your boss, butm maybe breaking into his house is. j/k
The DVDs don't go home fortunately. They just stay in the President's office.
So I had never heard of Sarbanes Oxley before. This'll make a good research project!
One suggestion for your tape problem may be keeping them in a safety deposit box in a bank.
what we do where i work is we have the main tape backup system, but then we also have a backup off site tape system who's tapes get sent to a safety deposit box in a bank (since most bank safes are fireproof ;)) with our "everyday" tapes, every 3 weeks (about the life of our tape sets) we move them to an off-site storage that is still close enough for us to walk over, but it will protect the tapes if the IT/computer science building burns and crumbles.
as far as your infrastructure goes, attached is a picture of how ours is and maybe it will help you (it is pretty cheap to impliment) we use smoothwall firewall (free) on an older box that has been "bumped down" from normal use - it is still a p4 1.4 GHz with dual gigabit cards.
i didn't put the routers in there, but for the most part, the router lives where the letters on the line are (ex: DMZ and Rest of Network) and before the first firewall (for the internet connection) we are on a shared OC-3 and have all windows computers (except the firewalls and the servers). Our servers are a mix of win2k AS, win2k3 ES, HP-UX and TRU-64. (many of our servers are internal so they didnt' show up on my little diagram)
I hope this helps, if you need any more details let me know.
I'd make suggestions, but from your description you are really just starting from scratch, and as usual there is as much different advice flowing around here as there are people dispensing it. All I can say is good luck. My experience working for a financial services company was that the industry itself is incredibly backwards in technology adoption. It might take a break-in to illustrate your point. You might also consider getting some consultants in on it as if you have some people whose sole job it is to analyse for security, you will have a better chance of making headway with management. For some reason they seem to be of the opinion that they hired you, so obviously you are just making up ways to spend money. :/