Posted by: mongy1951 | July 3, 2010

Basic Network Security

Had an interesting conversation the other day; I was asked what I would do in order to begin tightening up security in an organization where computer security has been lax.

It’s hard for me to believe there are still organizations out there who don’t have a very well designed and implemented security program in place. However, I suppose that some people have been living in very well secured facilities, have no internet connectivity enabled and don’t allow people either to take their laptops home or to bring in CDs.

However, the question was “what would you do?”

I suppose that you’d start with passwords. Would be the easiest thing to begin with. You’d need to implement some form of centralized security hub, like LDAP or AD. Set up mandatory password controls (include a plan to age passwords with mandatory changes at periodic intervals).

A note on the quality of passwords here: They need to be complex. Can’t have anyone using “drowssap” or their name spelled backwards.

A few years ago I used a hacking tool to go through the AD and list out users whose passwords were “simple”. Out of 350 users, the software flagged more than half of the accounts for simple passwords. Among those on the list were the CFO, the HR Director, the Accounts Payable Manager and all of the payroll clerks. Not a good thing.

Oh, and I’d walk through the office and look at monitors.  You’d be surprised at the number of times I’ve found account information taped to the monitor.

John
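The complexity rule from the post (no “drowssap”, no name spelled backwards), sketched as a check that could run whenever a password is set. This is an added example, not part of the original post; the word list, the minimum length and the function names are assumptions.

```python
import re

# Constructed sample list; a real deployment would load a much larger
# list of common passwords.
COMMON_WORDS = {"password", "welcome", "letmein", "qwerty", "summer"}
MIN_LENGTH = 12  # assumed policy value, not stated in the post

# Undo common character substitutions before comparing (0 -> o, @ -> a, ...).
LEET = str.maketrans("013457@$!", "oleastasi")


def normalize(text):
    """Lowercase, undo common substitutions, keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))


def weak_reasons(password, username, full_name):
    """Return the list of policy violations for a candidate password."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("too short")
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if sum(bool(re.search(c, password)) for c in classes) < 3:
        reasons.append("fewer than 3 character classes")
    core = normalize(password)
    # Personal tokens: the account name plus each part of the user's name.
    personal = {normalize(t) for t in [username, *full_name.split()]}
    for token in sorted(personal | COMMON_WORDS):
        if len(token) < 3:
            continue  # too short to match meaningfully
        if token in core:
            reasons.append(f"contains '{token}'")
        elif token[::-1] in core:
            reasons.append(f"contains '{token}' reversed")
    return reasons
```

An empty list means the candidate passed every rule; anything else is the set of reasons to show the user when rejecting the change.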


Responses

  1. It’s not too surprising that an organization doesn’t know about computer security. Many people administering systems don’t have the skills necessary to defend a network against sophisticated hackers. Microsoft makes it easy for anyone to click the “Next” button to get an entire organization up and running. Put in a simple firewall, add some anti-virus software and voilà! Secure! In some cases, the guy managing an organization’s computers isn’t even a school-trained computer guy. It may just be the guy who knows the most about computers.

