Guest Marc Posted October 3, 2007 Posted October 3, 2007 Hi, I want to create official document for my company (I'm a system administrator) for currently security status. Can explain somebody further what should contain that document? As I heard I must check windows updates on all computers, check for open ports (from outside), check network traffic through critical ports (25).. What else? Thnx!
Guest Coraleigh Miller Posted October 3, 2007 Posted October 3, 2007 Re: Security network audit Hi Marc, Also document physical access, such as whether or not your servers are in a secure room and who has keys to that room. Also if you use backup media, you could document the process it goes through, such as if its encrypted or not, if a security company picks it up at the end of the day for storage, or if it just goes home with you. Also.. perhaps more of a DR documentation but you could document your environmental situation in your server room like if you have UPS power ample for your servers and equiptment, and if there is a proper air temperature in the room, etc. Coraleigh Miller "Marc" <marc@_REMOVE_THIS_> wrote in message news:eUE1Z3XBIHA.1204@TK2MSFTNGP03.phx.gbl... > Hi, > > > > I want to create official document for my company (I'm a system > administrator) for currently security status. Can explain somebody further > what should contain that document? As I heard I must check windows updates > on all computers, check for open ports (from outside), check network > traffic through critical ports (25).. What else? > > > > Thnx! > >
Guest Marc Posted October 3, 2007 Posted October 3, 2007 Re: Security network audit Hi, you described Disaster recovery plan, but I need security audit, which means check my server (HW + SW) issues and investigate for black holes, if some ports are accessible from Internet, how to check port 25 (is it just mail or someone wich hacking knowledge could entire there....)..... Thnx! "Coraleigh Miller" <coraleighmiller@yahoo.com> wrote in message news:OA8W0hcBIHA.1184@TK2MSFTNGP04.phx.gbl... > > Hi Marc, > > Also document physical access, such as whether or not your servers are in > a secure room and who has keys to that room. Also if you use backup > media, you could document the process it goes through, such as if its > encrypted or not, if a security company picks it up at the end of the day > for storage, or if it just goes home with you. > Also.. perhaps more of a DR documentation but you could document your > environmental situation in your server room like if you have UPS power > ample for your servers and equiptment, and if there is a proper air > temperature in the room, etc. > > Coraleigh Miller > > > "Marc" <marc@_REMOVE_THIS_> wrote in message > news:eUE1Z3XBIHA.1204@TK2MSFTNGP03.phx.gbl... >> Hi, >> >> >> >> I want to create official document for my company (I'm a system >> administrator) for currently security status. Can explain somebody >> further what should contain that document? As I heard I must check >> windows updates on all computers, check for open ports (from outside), >> check network traffic through critical ports (25).. What else? >> >> >> >> Thnx! >> >> > >
Guest Anthony Posted October 3, 2007 Posted October 3, 2007 Re: Security network audit Marc, Seriously, the documentation on Windows Server security is very good, and if you work your way through it you will cover most things quite quickly. http://www.microsoft.com/technet/security/prodtech/windowsserver2003/w2003hg/sgch00.mspx Anthony, http://www.airdesk.co.uk "Marc" <marc@_REMOVE_THIS_> wrote in message news:uoaW49dBIHA.1188@TK2MSFTNGP04.phx.gbl... > Hi, > > you described Disaster recovery plan, but I need security audit, which > means check my server (HW + SW) issues and investigate for black holes, if > some ports are accessible from Internet, how to check port 25 (is it just > mail or someone wich hacking knowledge could entire there....)..... > > Thnx! > > > > "Coraleigh Miller" <coraleighmiller@yahoo.com> wrote in message > news:OA8W0hcBIHA.1184@TK2MSFTNGP04.phx.gbl... >> >> Hi Marc, >> >> Also document physical access, such as whether or not your servers are in >> a secure room and who has keys to that room. Also if you use backup >> media, you could document the process it goes through, such as if its >> encrypted or not, if a security company picks it up at the end of the day >> for storage, or if it just goes home with you. >> Also.. perhaps more of a DR documentation but you could document your >> environmental situation in your server room like if you have UPS power >> ample for your servers and equiptment, and if there is a proper air >> temperature in the room, etc. >> >> Coraleigh Miller >> >> >> "Marc" <marc@_REMOVE_THIS_> wrote in message >> news:eUE1Z3XBIHA.1204@TK2MSFTNGP03.phx.gbl... >>> Hi, >>> >>> >>> >>> I want to create official document for my company (I'm a system >>> administrator) for currently security status. Can explain somebody >>> further what should contain that document? As I heard I must check >>> windows updates on all computers, check for open ports (from outside), >>> check network traffic through critical ports (25).. What else? >>> >>> >>> >>> Thnx! >>> >>> >> >> > >
Guest Marc Posted October 3, 2007 Posted October 3, 2007 Re: Security network audit Hi Anthony, many thanks, document is very useful for current issue. Thnx again! "Anthony" <anthony.spam@spammedout.com> wrote in message news:OIQrCDfBIHA.912@TK2MSFTNGP05.phx.gbl... > Marc, > Seriously, the documentation on Windows Server security is very good, and > if you work your way through it you will cover most things quite quickly. > http://www.microsoft.com/technet/security/prodtech/windowsserver2003/w2003hg/sgch00.mspx > Anthony, http://www.airdesk.co.uk > > > > > "Marc" <marc@_REMOVE_THIS_> wrote in message > news:uoaW49dBIHA.1188@TK2MSFTNGP04.phx.gbl... >> Hi, >> >> you described Disaster recovery plan, but I need security audit, which >> means check my server (HW + SW) issues and investigate for black holes, >> if some ports are accessible from Internet, how to check port 25 (is it >> just mail or someone wich hacking knowledge could entire there....)..... >> >> Thnx! >> >> >> >> "Coraleigh Miller" <coraleighmiller@yahoo.com> wrote in message >> news:OA8W0hcBIHA.1184@TK2MSFTNGP04.phx.gbl... >>> >>> Hi Marc, >>> >>> Also document physical access, such as whether or not your servers are >>> in a secure room and who has keys to that room. Also if you use backup >>> media, you could document the process it goes through, such as if its >>> encrypted or not, if a security company picks it up at the end of the >>> day for storage, or if it just goes home with you. >>> Also.. perhaps more of a DR documentation but you could document your >>> environmental situation in your server room like if you have UPS power >>> ample for your servers and equiptment, and if there is a proper air >>> temperature in the room, etc. >>> >>> Coraleigh Miller >>> >>> >>> "Marc" <marc@_REMOVE_THIS_> wrote in message >>> news:eUE1Z3XBIHA.1204@TK2MSFTNGP03.phx.gbl... >>>> Hi, >>>> >>>> >>>> >>>> I want to create official document for my company (I'm a system >>>> administrator) for currently security status. Can explain somebody >>>> further what should contain that document? As I heard I must check >>>> windows updates on all computers, check for open ports (from outside), >>>> check network traffic through critical ports (25).. What else? >>>> >>>> >>>> >>>> Thnx! >>>> >>>> >>> >>> >> >> > >
Guest Anthony Posted October 3, 2007 Posted October 3, 2007 Re: Security network audit Glad it helps! Anthony, http://www.airdesk.co.uk "Marc" <marc@_REMOVE_THIS_> wrote in message news:enManmfBIHA.3900@TK2MSFTNGP02.phx.gbl... > Hi Anthony, > > many thanks, document is very useful for current issue. Thnx again! > > > > > "Anthony" <anthony.spam@spammedout.com> wrote in message > news:OIQrCDfBIHA.912@TK2MSFTNGP05.phx.gbl... >> Marc, >> Seriously, the documentation on Windows Server security is very good, and >> if you work your way through it you will cover most things quite quickly. >> http://www.microsoft.com/technet/security/prodtech/windowsserver2003/w2003hg/sgch00.mspx >> Anthony, http://www.airdesk.co.uk >> >> >> >> >> "Marc" <marc@_REMOVE_THIS_> wrote in message >> news:uoaW49dBIHA.1188@TK2MSFTNGP04.phx.gbl... >>> Hi, >>> >>> you described Disaster recovery plan, but I need security audit, which >>> means check my server (HW + SW) issues and investigate for black holes, >>> if some ports are accessible from Internet, how to check port 25 (is it >>> just mail or someone wich hacking knowledge could entire there....)..... >>> >>> Thnx! >>> >>> >>> >>> "Coraleigh Miller" <coraleighmiller@yahoo.com> wrote in message >>> news:OA8W0hcBIHA.1184@TK2MSFTNGP04.phx.gbl... >>>> >>>> Hi Marc, >>>> >>>> Also document physical access, such as whether or not your servers are >>>> in a secure room and who has keys to that room. Also if you use backup >>>> media, you could document the process it goes through, such as if its >>>> encrypted or not, if a security company picks it up at the end of the >>>> day for storage, or if it just goes home with you. >>>> Also.. perhaps more of a DR documentation but you could document your >>>> environmental situation in your server room like if you have UPS power >>>> ample for your servers and equiptment, and if there is a proper air >>>> temperature in the room, etc. >>>> >>>> Coraleigh Miller >>>> >>>> >>>> "Marc" <marc@_REMOVE_THIS_> wrote in message >>>> news:eUE1Z3XBIHA.1204@TK2MSFTNGP03.phx.gbl... >>>>> Hi, >>>>> >>>>> >>>>> >>>>> I want to create official document for my company (I'm a system >>>>> administrator) for currently security status. Can explain somebody >>>>> further what should contain that document? As I heard I must check >>>>> windows updates on all computers, check for open ports (from outside), >>>>> check network traffic through critical ports (25).. What else? >>>>> >>>>> >>>>> >>>>> Thnx! >>>>> >>>>> >>>> >>>> >>> >>> >> >> > >
Recommended Posts