Thread: Security help

  1. #1
    Junior Member
    Join Date
    Jan 2002
    Posts
    18

    Security help

    Need help here. I am new to this forum. Just thought I would post something and get some help. I am a network admin, I'm pretty new to the field and want to learn more about security. I have our systems here pretty secure, as far as I know. I need to write a Network Security Document for my boss. Basically telling what security I have in place and stuff, but I feel like I am missing some things as my document is not very long and I can't think of anything. We have a proxy server that is pretty secure (I went to a few sites that had proxy server utils that checked to see if it was hackable and it was secure). I was wondering if anyone could give me some pointers or even security documents that you might have written for your work so that I may read them and get some ideas. Any info would be helpful.

    I'm glad I found this site, it rocks. Thanks again.
    Jeff


  2. #2
    Senior Member
    Join Date
    Jan 2002
    Posts
    132

    Security Document...

    Jeff - I've been through this one before, over the Summer. Now, we're a fairly small group up here, but the document came out to be around 30 or so pages. Here's what I think that you'd be missing (based on experience), and here's how to address it:

    "Nice" things: FBI/police involvement procedure; how logfiles are backed up/spooled off the box, and how they're handled for forensics.

    "Needed" Things: Index (i.e. what is "sniffing", what is "promiscuous mode", etc), examination of PHYSICAL security, examination of SOCIAL ENGINEERING, etc.

    Security isn't just about securing a box. You need to secure the box, ensure that its backups are readable/reliable, ensure that physical security is taken care of, and ensure that group policies and so on are set up well. Also go over user passwords and an AUP.

    ~N~

  3. #3
    I agree with nietzsche on this, but you can take a few steps further. It basically sounds like you are preparing a Security Policy/Manual, at least that's what I would call it - in that case, go ahead and add in contingency plans based on "what-if" scenarios. In this plan, determine what you will do, who will be called, procedures for business continuation, etc. if something happens to your servers, boxes, etc. You can go into much detail here, and it is really something that you need to think about anyway being a Network Administrator. That's one thing I've learned as a Net Admin myself - in business, it's definitely important to have a Security Policy in place.

    Hope this helps...
    - Maverick

  4. #4
    Senior Member
    Join Date
    Jul 2001
    Posts
    461
    here are a couple of links with lots of resources about security policy, and how to write them, as well as some templates, and lots of other interesting stuff....

    http://www.sans.org/newlook/resource...s/policies.htm

    you will find lots and lots of other security docs here

    http://www.sans.org/newlook/resources/

    and here

    http://www.infosyssec.com/

    good luck..

    IchNiSan

  5. #5
    Junior Member
    Join Date
    Jan 2002
    Posts
    18
    Wow guys, thanks a lot for your help. This is exactly what I was looking for. If anyone else has any insights, please help. I need all the info I can get. I don't want to make this too long, 30 pages seems a bit too much, they aren't expecting anything big since this is a very small company with only 4 servers and 30 comps in two locations. All they need is pretty much what I have in place, I took it on myself that I may need to research this further and try to find any other security issues or holes that may exist in our system. I think that I am probably missing some things that could let people in our system and want to try to identify them if there are any. A while back I had a problem where some anonymous user was using our proxy server to access the internet at a higher speed. Well it was then that I realized that anonymous access was enabled on the proxy server. Once I disabled it, I never saw the guy again on there. It's little things like that that I never even knew about that jeopardized our security. Anyway, thanks again for any help, I really appreciate it.
    Jeff


  6. #6
    Senior Member
    Join Date
    Nov 2001
    Posts
    119
    i hope it helps:

    http://dc.qut.edu.au/security/

    and then go to Security Policies

    you can find all that you need, a special recommendation is
    Australian Standard AS4444

    cheers

  7. #7
    As you read up on computer/networking security, you'll come across things that will make you think - Am I doing this on my network, do I have this particular measure in place, etc? Then, as you see these things, you'll probably find some more holes that may need to be fixed, software that needs to be patched, etc. One of the first things I would do is to run a port scan on your network to see if you have any open ports - if you find open ports, verify what they are being used for and close all of the ones that do not need to be open.

    I don't know how it is at your place, but you may want to tell your supervisor that you will be conducting a scan of the system to find vulnerabilities. Some supervisors like to be informed of these things.
    - Maverick
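
Added example, not part of any post in this thread: one way to carry out the check described in post #7 is to compare the TCP ports that actually answer on a host with the services the security document lists for it. The host address and the `DOCUMENTED` inventory below are constructed placeholders, and `audit_host` is a hypothetical helper name.

```python
import socket

# Constructed inventory: the services the security document says should be
# reachable on each host. Host and ports are placeholders for illustration.
DOCUMENTED = {
    "127.0.0.1": {22: "ssh admin access", 8080: "web proxy"},
}


def is_open(host, port, timeout=0.5):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def audit_host(host, ports, documented):
    """Compare open TCP ports on one host with the documented services.

    Returns (undocumented, missing): open ports that have no entry in the
    document, and documented ports in the checked range that did not answer.
    """
    expected = documented.get(host, {})
    open_ports = {p for p in ports if is_open(host, p)}
    undocumented = sorted(open_ports - set(expected))
    missing = sorted(p for p in expected if p in ports and p not in open_ports)
    return undocumented, missing


if __name__ == "__main__":
    for host in DOCUMENTED:
        undocumented, missing = audit_host(host, range(1, 1025), DOCUMENTED)
        for port in undocumented:
            print(f"{host}:{port} is open but not documented: verify or close")
        for port in missing:
            print(f"{host}:{port} ({DOCUMENTED[host][port]}) did not answer")
```

Ports reported as undocumented are the ones to identify and either add to the document or close; documented ports outside the checked range are not reported as missing.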

  8. #8
    Senior Member
    Join Date
    Nov 2001
    Posts
    742
    Originally posted by jjcampbe
    Wow guys, thanks a lot for your help. This is exactly what I was looking for. If anyone else has any insights, please help.
    This may not help but it's friendly advice.. Security policies and documentation are living docs and need to be updated when new situations occur or old equipment is replaced etc, etc.

    If you think this way the initial document does not have to be a novel, just make sure that you'll update it now and then and make sure that everybody understands it and helps you out with it :-).

  9. #9
    Senior Member
    Join Date
    Jan 2002
    Posts
    132

    Something else that's helpful ..

    Jeff - also, I implemented a "network security breach / network outage" form. This is great, b/c you have a DOCUMENT TRAIL for all the times that the network goes down and/or when you have problems. These are good for a couple of reasons:
    1) If it's a "what the hell?" problem, you can match up instances and reach some intelligent conclusion about what caused the outage, rather than just guessing.
    2) If it's an intrusion, you can look back at these and match up forensic information.
    ... and, of course, 3) When you move on, you have DOCUMENTED PROOF that you were doing something and being proactive.

    Of course, I work with a University ... with a crappy IT department, so we get outages quite a lot - and I can use these to leverage things for myself.

    Just some more of my $.02.

    ~N~

  10. #10
    Senior Member
    Join Date
    Jan 2002
    Posts
    132

    Re: micael

    This may not help but it's friendly advice.. Security policies and documentation are living docs and need to be updated when new situations occur or old equipment is replaced etc, etc.
    Good observation. My doc has that printed in it, "this is by no means a static document". If you get caught up in making the one-time uberdocument, it'll do you no good a year down the road.

    ~N~
