Chinks begin to appear in the antivirus armor
Eighteen months ago, my company, a large financial services organization, suffered a number of attacks that were stopped mostly by luck. With the awareness of security raised, management hired me as information security manager to secure their infrastructure and operations.
I manage a team of five people, with an annual budget of just under US$750,000. With these resources, I protect 4,315 IP-connected devices and 617 staffers from the real and imaginary threats of the New Economy -- and keep our regulators and customers convinced that we're a safe and trustworthy organization.
How do I know we have 4,315 connected devices? We have a vulnerability scanning system. That sounds terribly impressive, but really it consists of a ping sweep followed by the use of nmap freeware port scanner software and Internet Scanner software from Internet Security Systems Inc. in Atlanta. This would be easier if my company maintained an accurate inventory of the equipment it bought and deployed, but with the organization split between development and operations, there's no central tracking of computers.
I highly recommend checking the connected operating systems on your network. We mostly use Windows NT Workstation 4 on the desktop, some Windows NT 4 servers, Sun Solaris systems and a healthy wedge of back-office servers running OpenVMS. All these operating systems are linked by Cisco Systems Inc. routers and switches.
But we knew that before we ran the tests. The useful data is the strange other network stacks we detected:the printers, the developers trying out betas of Windows 2000 and Linux without permission, and even partner organizations, like those that manage the phone system, connecting firewalls and some non-Y2k-compliant versions of Windows 3.1.
And those 617 people? I wish I could say I knew them all. Like other financial services companies, we have many contractors and high staff turnover. Nonetheless, I must educate them all in the basics of information security.
To keep control of the staff changes, we've set up a system that takes a feed from the human resources database and matches it to all the user accounts across our infrastructure. For the past three months, we've been clearing up the discrepancies. With 28,652 accounts in our environment, that was a lot of work. I'm not convinced of the real value of this cleanup, because most of the accounts were expired before we deleted them. But this kind of work really delights internal and external audit, so that alone makes it worthwhile. This would be easier if the human resources database were correct, but at least we have eradicated some of the errors.
Shipshape Firewalls
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
jfruh
Apple syncing patent can't come soon enough
pasmith
New Twitter features borrow from 3rd party clients
Esther Schindler
Open Source Changes the Software Acquisition Process
mikelgan
How to set up continuous podcast play on the new iTunes
David Strom
Five important Windows 7 mobility features
sjvn
Guard your Wi-Fi for your own sake
Sandra Henry-Stocker
Grepping on Whole Words
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
