I just got put in charge of all things bad
Chitownjedi
Member Posts: 578 ■■■■■□□□□□
My boss says, "You will now be in charge of our anti-virus software and all viruses/Trojans, malware, on desktops + servers. I am to look over daily logs of any alerts of malware on any system on the network (over 1200 managed PCs with Sophos Endpoint installed)."
And on top I need to learn how to use the console to implement special settings for NAC (Network Access Control), HIPS (Host Intrusion Prevention Systems), updates and system remediation, as well as configuring the parking lot for guest Wi-Fi network users trying to authenticate without proper credentials.
This is a good thing, right? lol I just enrolled in WGU for B.S. Security last week, and then today I was told about this... talk about coincidence.
Comments
-
YFZblu Member Posts: 1,462 ■■■■■■■■□□
Great news! Congratulations, and good luck - Exploits are getting so clever
-
dover Member Posts: 184 ■■■■□□□□□□
Hell yeah that's a good thing!
Congrats! I'm not familiar with Sophos but I've done similar with McAfee and Symantec. Only advice I have would be to thoroughly pilot test all the new implementations but particularly the HIPS component. McAfee's HIPS tended to eat the CPU on some of the older machines - depending on how many signatures were active. A well tuned signature set is a beautiful thing...low false positives.
You'll have plenty of practical experience to draw on at WGU!
Go get em.
-
Mike-Mike Member Posts: 1,860
sounds like a cool job
Currently Working On
CWTS, then WireShark
-
chmod Member Posts: 360 ■■■□□□□□□□
Takes some time to tune things up. As someone said above, you should have a test machine where you monitor the HIPS behavior, because it is very easy to screw things up when you add a signature or change policies. EPO is a great tool, you just need time to learn it, and I think the same applies for most of the tools.
-
WiseWun Member Posts: 285
Security is the future. Good job!
"If you're not prepared to be wrong, you'll never come up with anything original." - Ken Robinson
-
jibbajabba Member Posts: 4,317 ■■■■■■■■□□
wow I seem to be missing something lol .. I was responsible once for the AV infrastructure in an online casino and I hated it more than anything ... Going through logs and flagging up outdated / failed PCs / servers is one thing, then dealing with corrupt installs another ...
Having said that - it was running all on Symantec which is bad on its own ..
My own knowledge base made public: http://open902.com
-
PurpleIT Member Posts: 327
jibbajabba wrote: »
Having said that - it was running all on Symantec which is bad on its own ..
No kidding - I curse Symantec any time I touch one of their products. Rule #1 with Symantec: if it works, don't touch it! No upgrades, no reboots, no funny looks, or it will screw up in some totally random way.
Rule #2, if for some crazy reason you do decide to upgrade from a working installation, make sure you wait until at least the first SP is out if you want any chance of a stable product.
WGU - BS IT: ND&M | Start Date: 12/1/12, End Date 5/7/2013
What next, what next...