Suggestions for sealing exploits on network?


jason_guy_yeah

This is kinda a noob question but, would you guys have any good suggestions for tools for detecting security holes so that I can make a report? So basically at work, we've had a revolving door for our security team... actually at times we've had no IT security and the firewall is a mess. I've suggested VDI/thin clients and better password policies or running Windows off of a Linux middleware and having generic snapshots ready. However, my manager thinks having all the passwords on an unencrypted Excel spreadsheet is fine because only OU admins can access it, and when a computer gets a virus/trojan, rebuilding the OS is all that's needed.

End users are allowed to download and add toolbars/extensions... actually some have admin accounts because he doesn't want to set ACLs/security groups for work applications. We've been fortunate enough that the admin accounts haven't had any viruses but I've rebuilt quite a few machines that had undetected keyloggers and trojans... I'm concerned about the network getting compromised and it spreading. But my knowledge of network security is minimal.

What I would like to do is get a good list of tools (nmap, nessus, bitlocker, fileharding, etc), readups or suggestions.

By the sound of it, tools are not going to help you; you need policies and buy-in from management. I've none handy but there are plenty of conference talks about different ways to try to get this. You need to show the cost benefits of implementing good security rather than fighting fires; the initial cost may be more but the ongoing cost of disruption and time wasted recovering will come up to more in the long run.

For tools, I'd invest in AV for the common stuff and then good perimeter filtering; block all unauthorised inbound and outbound traffic.

Maybe drop a copy of Security Onion on a span port near the gateway and show how much malicious traffic is moving around.

Step 1: Silently infect one computer with 2-3 viruses, and 1 worm.
Step 2: Once the worm spreads to other machines tell your boss about it

Step 3: Inform his boss that it was his fault for allowing all of what you mentioned

Step 4: Congrats you have all the security policies in place AND a new boss

Note: Don't actually do this.

Yeah, all the tools in the world won't work without having those policies in effect. The weakest link in security is the human element, and if no one is willing to enforce it at that end, then it's not going to work. (That was one big run-on wasn't it?)

Basically I would just try to shove it down everyone's throats that they need to start enforcing this, or you could anonymously post your company's name somewhere and tell everyone the extreme lack of security prevalent, I'm sure that would have attacks from everywhere rolling in and would force them to put these policies in place. The downside to this is being in the position you're in, you would have to clean it all up :/

I hate this but you're really between a rock and a hard place.

Oh ok, after talking with my manager, he's going to resign within a month so he doesn't want to lose brownie points from enforcing policies. I tried asking my director but he said it's up to my manager and to really start looking for a new job.

Wait... That was his suggestion to YOU?

Yeah, it's kinda weird, he told the department later on in a meeting the same thing and he's looking for work too. I'm guessing remote support is taking over, another location has thin clients and no IT staff on premise.

I just realized that users weren't supposed to save to the desktops (roaming profiles) but the manager changed it, so their profiles aren't backed up, only what's on the file server and mail server.

Get your ass to the job market *NOW*! Stay with the place until you have something else (man's gotta eat too) but until management has been replaced don't bother to bring the subject up anymore - nobody cares (and it will be their downfall).

It's obvious they aren't taking their own work seriously themselves which means you effectively are unable to properly do yours. When you interview at another place and they ask why you're leaving your current job, just say people are leaving the apparently sinking ship and you're not going to sit around waiting to get sacked (if they don't ask, don't bring it up yourself).

Not that it helps in the flaky job situation you describe above, but a good way to show the cost benefit of proper security is to show them how much time you and your colleagues waste investigating incidents and cleaning malware. So, for example, say you cost the business $50 an hour, and you're spending 5 hours a day on this, do the maths to show them how much they'd save over 3 years by spending the money on AV and removing user admin rights. You can extend it into how long an average malware call takes to deal with (showing how much time that user can't work) and show how many calls to the support desk would be avoided, etc.

Anyway, best of luck to you. Sounds like there are better places to work.
