RE: Proxy server hit... Any ideas?

[Alvin Oga <alvin.sec () Mail Linux-Consulting com>]

hi ya mike

my it policies
        - no telnet, no ftp, no ppp, no pop3, no pptp, no vpn
        - no dhcp, no laptops from home, no wireless
        - definitely nothing from an insecure network at home...

        - i want to to know anytime anything connects and disconnects
        from the "supposedly secure" corp lan

- than figure out who gets exceptions and why and how ...  and reiterate
  that each exception to the policy has the possibility to erase the
  PCs and possibily disrupt or erase the entire corp lan by "click-happy"
  users
        - lots of fun stuf to do..

Security Policy Stuff ( RFCs even )
        http://www.Linux-Sec.net/Policy/

have fun
alvin


On Wed, 20 Nov 2002, Mike Cain wrote:

> Yeah, the box came to me basically because the guy above me doesn't have
> a clue about NT or about ANY security... Bad timing I guess or good
> depending on how you look at it... I have just got back from meeting
> with management to suggest some policies, now they want me to write an
> IT policies handbook, guess I asked for that one huh? :)
>
> So where should I start looking for de-facto policies, and such? Or
> should I just use my best judgment? I'm thinking the latter is a bad
> idea because if one doesn't pan out, then they say, "Well... YOU wrote
> them..." :)
>
> Again, thanks SO MUCH for all the responses. Groups like this make
> learning the security scene A LOT less painful. 


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com