Introduction

ajm (cso@intacc.net)
Sun, 26 Mar 1995 09:29:49 -0500

This is my introductory message.

I work for an organisation which is also undergoing down/rightsizing. We are
trying to do this by rapidly deploying hundreds of Unix systems linked to a
corporate network. This network provides users with PCs, X Stations or
workstations access to anything they need to get their jobs done. We have a
mix of legacy systems on the mainframe and an ever increasing number of
services on the Unix systems. In this fiscal climate we don't have enough
people with the right knowledge to do everything that needs to be done. Now
we are moving into the Internet--a recipe for disaster for sure. But I find
that management really is between a rock and a hard place and security just
doesn't beat out the hunt for spare dollars.

I am network and/or system security for most of these systems. Oh sure, the
SAs are supposed to deal with local system security but most are secretaries
or are too busy with their other work to handle anything but fires. I myself
am moving up the learning curve from several years of mainframe security to
open-systems security. Most of this is due to my taking on project
management for the deployment of LANs at distant corporate offices. These
systems have daily COPS audits, were configured using RAXCO's STK auditing
and integrity tools, enforce SecurID 2-part authentication and will have
automated intrusion detection within the next month. These are our most
secure systems only because, as both PM and security, I made SURE these
things were going in. But the down-side was that I was the only one to do it
and I am now de facto system admin for these systems since I am the only one
who knows them inside and out!

I beta tested Haystack Labs' Stalker product and tried out SAIT's CMDS.
These two intrusion detection (misuse monitoring) products did what they say
they will do. I will be deploying one of these in the next month on my
remote sites and on the network backbone control stations. I will have a
better idea of how valuable such systems are once I have had a chance to
work with them in an operational setting--beta tested on a separate testbed
only. I may not WANT to know all that is going on--I may not be able to get
management support in stopping it.

Andrew Mackie 

