hi ya mike my it policies - no telnet, no ftp, no ppp, no pop3, no pptp, no vpn - no dhcp, no laptops from home, no wireless - definitely nothing from an insecure network at home... - i want to to know anytime anything connects and disconnects from the "supposedly secure" corp lan - than figure out who gets exceptions and why and how ... and reiterate that each exception to the policy has the possibility to erase the PCs and possibily disrupt or erase the entire corp lan by "click-happy" users - lots of fun stuf to do.. Security Policy Stuff ( RFCs even ) http://www.Linux-Sec.net/Policy/ have fun alvin On Wed, 20 Nov 2002, Mike Cain wrote: > Yeah, the box came to me basically because the guy above me doesn't have > a clue about NT or about ANY security... Bad timing I guess or good > depending on how you look at it... I have just got back from meeting > with management to suggest some policies, now they want me to write an > IT policies handbook, guess I asked for that one huh? :) > > So where should I start looking for de-facto policies, and such? Or > should I just use my best judgment? I'm thinking the latter is a bad > idea because if one doesn't pan out, then they say, "Well... YOU wrote > them..." :) > > Again, thanks SO MUCH for all the responses. Groups like this make > learning the security scene A LOT less painful. > ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Nov 25 2002 - 08:30:02 PST