Irongeek.com
Joe
Professor at Indiana University Southeast Computer Science & Informatics departments Director of professional development for faculty
Adrian Runs Irongeek.com Has an interest in InfoSec education (ir)Regular on the ISDPodcast http://www.isdpodcast.com
Irongeek.com
Given only 25 minutes, tell us what a small business could do to help their security posture? You can expect a lot of buts and except fors because thats the nature of the business.
Irongeek.com
Integrity
Availability
Availability
Irongeek.com
Not cool or sexy, but important How often? Daily, Weekly, Monthly? Offsite storage! Why? Check to make sure you can restore from the backup What to use? Tape, another box, cloud? Not sure of a cloud provider to recommend, but check the providers:
Don't run as admin on your own machine This somewhat mitigates what malware can do on a system File shares with too open a permissions set? Lots of Windows software is badly designed to require more rights than it needs Tools to help with this include
Different passwords for different purposes (financial, social network, etc.) Users sharing a password? More secure and easier to remember
Pass phrases
Do you store passwords in apps where others can access them? Password Vaults
KeyPass - http://keepass.info/
Irongeek.com
Microsoft
Remember patch Tuesday and keep it holy Somewhat automated May want to do testing first Windows Server Update Services http://technet.microsoft.com/en-us/windowsserver/bb332157.aspx
Linux
apt-get is lovely for package management, but hand installed web apps are a pain
3rd Party
Adobe auto updating? Shavlik NetChk http://www.shavlik.com/sol-patch-management.aspx GFI Languard http://www.gfi.com/network-security-vulnerability-scanner/ Secunia PSI/CSI http://secunia.com
Irongeek.com
Not a magic bullet If the malware is custom, you are out of luck Should help against wide spread common malware Concentrate on user awareness, patches, and least privilege Some suggestions:
Irongeek.com
Do you have a perimeter (hint not totally) Sites and browser issues WiFi (decreasing levels of protection)
Irongeek.com
What if someone gets access to the physical storage of your data? For Email
Public and private keys GPG http://www.gnupg.org/
Truecrypt http://www.truecrypt.org
Irongeek.com
Format may not remove as much as you think Data carving File and Drive wiping Secure Erase http://cmrr.ucsd.edu/people/Hughes/SecureErase.shtml DBAN http://www.dban.org/
Irongeek.com
Louisville Infosec Sept 29th http://www.louisvilleinfosec.com DerbyCon 2011, Louisville Ky Sept 30 - Oct 2 http://derbycon.com
Irongeek.com
42
Irongeek.com