Comments on Andy, ITGuy: What were they thinking?

Andy, ITGuy (2006-12-20T14:07:00.000-05:00):
WOW! Alex. That SSID is longer than most WPA encryption keys. :)

Anonymous (2006-12-20T13:45:00.000-05:00):
Cypherbit, if I may make a suggestion...

Providing you have the spare IP - Just put a $30 Linksys WAP inside (outside would be better if you can swing it) your DMZ. Explain to people (maybe even in the SSID) that THIS IS LIVE UNPROTECTED RAW UNBONED NON-PROTECTED INTERNET, USE AT YOUR OWN RISK!!!

Then, make sure that network has no better access to your internal network than the raw Internet does.

Voilà! Let them access all they want...

We even used this as a compromise on having wireless for our own folks. OK, you get wireless - but if you need an internal network resource, you have to VPN in.

Anonymous (2006-12-20T13:37:00.000-05:00):
The checklist has some CYA purpose, maybe, but it's mostly perception.

I've got control over my network, not you.

Andy, ITGuy (2006-12-19T11:52:00.000-05:00):
Cypherbit, feel free to email me if you have any questions. I do what I can to help. andy.itguy@yahoo.com

Anonymous (2006-12-19T11:38:00.000-05:00):
Andy, thank you for the quick reply.

I'm asking since I'm way behind in this department and need someone with first-hand experience.

I've notified all the users that no 3rd party should connect anything to our network, before I check their machine.

Which I do pretty much the same way you do, that is check their AV, updates and have a quick look for malware.
I have no VLAN or any other method of protecting the LAN.

We don't have frequent "visits" by 3rd parties at all, but I'd still like to implement something.
Am looking forward to your articles on this and other topics.

Andy, ITGuy (2006-12-19T07:01:00.000-05:00):
Cypherbit, being a small company we don't have anything "fancy" in place yet. I keep most unused jacks disconnected. When someone does require access I either put them on our wireless VLAN which gives them internet access and printing to a specific printer. If they require access to our live network I check their AV, patches and do a quick once over on their machine to make sure nothing obvious is there. I am currently investigating some NAC solutions. I should have more details next year and will blog about the process.

Anonymous (2006-12-19T06:09:00.000-05:00):
I'm curious to know more about your setup for instances like these.
Not only auditors, but 3rd parties having a presentation or something.

I’m curious to know what kind of measures do you usually have in place for:

1st, making sure no one brings, plugs in a laptop into one of the ports.
2nd, what kind of a routine do you have for checking the laptops that do come in (meetings, presentations,…) before they can be plugged in?

Andy, ITGuy (2006-12-18T16:43:00.000-05:00):
Michael, I think I did pretty well on the test. Thanks for asking. I decided on it because from the research I did it seemed to be the one that would fit with my career goals the best. I considered the CISA and CCIE, but neither of them really give me what I wanted. Although the CCIE would be really nice to have.

Andy, ITGuy (2006-12-18T16:41:00.000-05:00):
Thanks for the feedback Alex. I may just create an "auditor checklist". If nothing else it's good for CYA.

Anonymous (2006-12-18T13:04:00.000-05:00):
Gratz on taking the CISSP. How do you think that you did? I have been thinking of adding that to my Cert Wish List. I just learned of it recently. Just found your blog, and I have enjoyed what I have read.yd

Anonymous (2006-12-18T13:01:00.000-05:00):
You know, that's kind of amazing.

When I play auditor, the last thing I want to do is hook up my machine to your network. If the audit requires me to have access, I expect some flavor of workstation and account provided to me. Failing that, IF it's needed I'll ask for access.

A good trick? Spend an hour (or less) and build an "auditor interaction" checklist. Let them know what they can and can't do on your network, and have them sign a "user agreement" that states that they have read your use policies and will adhere to them should they require network access.