How to deal with network security

NightShade03NightShade03 Member Posts: 1,383 ■■■■■■■□□□
He's a question for everyone, how do you think companies (large or small) should deal with security when there is a) no security oriented staff or b) the technical staff doesn't have a focus or strong understand of network security. As an example, where I work there is a systems engineer and 4 technicians (including me). We have 50 or so servers, 50 or so switches, and about 5000 users. The problem is the engineer has setup things on the network in a "set and forget" fashion (ie. auto approve all WSUS updates).

So I guess I'd like to know how you handle the networks security when those running the network don't really no much about security. Do you buy an applicance (like IPS/IDS) and hope it takes care of everything? Do you add more software to scan for more things? Would you be willing to even consider an all-in-one product to handle such things?

Comments

  • msteinhilbermsteinhilber Member Posts: 1,480 ■■■■■■■■□□
    I've been trying to tackle getting better security in place for over a year at my place. We are a real estate firm, and as such we have agents that come and go but since they are technically independent contractors, they all generally use their own desktop or notebook. We still handle supporting all of the computers even if they are their own, but the downside is our IT manager is completely against having their own PC's join a domain. Most of our offices are not even part of a domain, in fact the ONLY computers we have out of the 1200 or so we support that are part of a domain are a half dozen in our call center so they can use roaming profiles since they don't have assigned desks.

    SO FRUSTRATING!

    Having said that, we obviously have very minimal time on our hands for anything since managing resources is a complete horror show and we have just 3 people (two if you account for the IT manager being tied up in meetings often) to support all of our offices and users. In addition, the other guy I work with doesn't seem to have the desire to be in IT - he doesn't keep up to date and basically is a format and reinstall or setup somebodies computer for printers and network shares guy only. I have focused most of my extra free time and time outside of work to setup Untangle in our offices to provide some web filtering and other features that it includes (our company is also very frugal with IT spending hence using FOSS). Other than that our main servers at our corporate office we kind of pray and hope for the best really. It's quite sad... I could really go on and on about our poor security and most of your jaws would hit the floor but I wouldn't care to disclose that much detail.
  • NightShade03NightShade03 Member Posts: 1,383 ■■■■■■■□□□
    Haha you wouldn't need to disclose your security nightmare because I'm living it everyday too icon_wink.gif Our fearless "leader" configured a Symantec anti virus server and just pushed it out too all clients on the network one day....except he didn't setup any policies so everyone has this awesome endpoint product with defitions from.....wait for it....Aug 2008....icon_rolleyes.gif
  • msteinhilbermsteinhilber Member Posts: 1,480 ■■■■■■■■□□
    It's fun times for sure. My boss means well, but when it comes down to it - anything we want to do has to be done with strictly me and him to design, implement, and support it. There might be some occasional easy work the other tech can handle but only if it's really straight forward. He's a bit dense... we have licenses for TrendMicro and have had it for years. I ALWAYS catch my co-worker installing AVG Free on users machines, why he does it is beyond me when I have packages for Trend available. Makes perfect sense to utilize a product that isn't able to be managed remotely or alert us to any outbreaks... not to mention he is breaking the license agreement for AVG's product by installing it in a commercial environment. Just the other day I caught him preparing a workstation image... installing AVG Free on it.
  • NightShade03NightShade03 Member Posts: 1,383 ■■■■■■■□□□
    That is just simply amazing, and here I am thinking that I'm the only one who deals with this insanity every day!! Unfortunately I'm still in the "tech" role and the system engineer won't give us permissions to anything, so basically even though I know how to fix things on the server I can only "tell him about it". Which really means that they'll get fixed sometime next year.

    I don't understand why people insist on installing unmanaged applications or configurations?! We have a guy that sets up all network printers as local connection to peoples computers by name....They are on the server for a reason! But you're right....good times icon_thumright.gif
  • TalicTalic Member Posts: 423
    While we telling stories, I might as well throw my hat in even if it isn't security related. I just started a volunteer job and I was going in to meet the manager for the first time (I'm actually just starting tomorrow since I just finished the paper work for it and she wasn't there that time) and the guy that was doing support there asked me to help with a problem that he was having with a machine. It was a fresh install and he was reinstalling the drivers and it was giving him bluescreens. To make a long story short, he was installing all the drivers all at once off a recovery disc rather then restarting. I couldn't believe that he didn't at least restart after doing the chipset drivers. So I ended up getting the machine working after he said he was working on it for a week.

    So security can have some holes in them with people like this at the helm.
  • mikedisd2mikedisd2 Member Posts: 1,096 ■■■■■□□□□□
    Gosh, and I was concerned about our security because we had 2x free ports open on ISA...
  • mikezmikez Member Posts: 26 ■□□□□□□□□□
    we deal with network security in numerous ways:
    3 physical locations - 1300+ computers
    27 servers
    3500+ users

    1. Written Policies
    2. Firewall - we spent a lot of money to have web filtering, IPS, email filtering, etc
    3. Active Directory Group Policies - Lock the users down, give them what they need and no more.
    4. Monitoring on a daily basis - firewall logs, servers logs
    5. Symantec endpoint protection at the desktop
    6. VNC for helping users (also works as security because people know we could watch them)


    from the outside world we don't let much in, we are more concerned about somebody on the inside doing something. we still want to improve on our security
Sign In or Register to comment.