[unisog] Network security auditing

Quesada, Antonio aquesada at ediltd.com
Mon Jun 3 18:16:36 GMT 2002


I guess what I would say is this. 
Just making sure you have the latest patches and latest
version of the software is something you can do with the
help of some very reliable students. 

But finding people breaking the rules and installing machines
that violate the policies requires exactly that, rules and policies
in place. 

That would be a good place to start. And it involves not only the outside
guys, 
it must involve the powers at your institution, the important users that 
cannot say "yes" but have the power to say "no", and the outsiders
(consultants)
to mediate and provide a different perspective. 

That is what I do consider important. 

Running Cybercop or one of the new Microsoft tools, and printing 
a large report, anyone can do that. 

I hope this helps. 

Antonio




-----Original Message-----
From: Erik Ball [mailto:Ball at xavier.edu]
Sent: Monday, June 03, 2002 9:36 AM
To: <
Subject: [unisog] Network security auditing


We are throwing around the idea of having a outside company perform an
all inclusive network security audit.  We are still collecting
information.  I was wondering if there were any organizations that you
have dealt with and how impressed/unimpressed you were with them?  Did
you see it as being worthwhile?  Would you recommend one company over
another?

Thanks,
Erik Ball
--------------------------------
Xavier University
Network Security Engineer



More information about the unisog mailing list