May 13 2008 4:06PM GMT
Posted by: Troy Tate
howto,
CIO,
DataCenter,
DataManagement,
email,
Microsoft Windows,
Networking,
LAN,
WAN,
Security,
antivirus,
malware,
Monitoring,
anti-virus,
metrics,
reporting,
research,
tools
An acquisition or merger is not a frequent event for my organization. However, it seems like in the past year or so we have worked on a number of these activities. So, it seems like it may be time to create a formalized checklist for the IT department items that need to be addressed during an acquisition.
To get the ball rolling, I am listing some items that I consider to be important to the infrastructure/security folks like me. I know this list is not exhaustive or complete. It is a work in progress and will need to be refined for each event since they are all different. Some of these may be done in the due-diligence but the rubber hits the road during the implementation.
So, without further ado:
Absorbing a new acquisition - to do list (general & incomplete)
- Private WAN connectivity - 30-90 days or more lead time depending on location
- flexible IP addressing scheme to absorb devices on new network(s)
- Internet firewall changes - ports, source addresses, NAT, etc.
- DNS ownership and management
- changing DNS nameservers - use a dig tool to get information concerning current configuration - MenAndMice
- Network hygiene - how clean are the devices and what personnel habits need to be changed?
- Device inventory - what effort will it take to do this?
- Software licensing inventory
- What about handling loss of staff & knowledge?
- Documentation of processes, procedures, configurations?
- Phone list sharing
- E-mail addressbook sharing
- E-mail system integration
- ERP process integration
- Resource access permissions
- Financial reporting integration - accounts payable, receivable, tax, etc.
- Staff reporting structure
- Other HR activities - benefits, payroll, etc.
I welcome your insight and experience on the many other activities you feel is important to address during a merger/acquisition.
Thanks for your time. Let’s be good network citizens together & practice safe networking!
May 9 2008 6:20PM GMT
Posted by: Troy Tate
anti-virus,
Data security,
howto,
CIO,
DataManagement,
Sandbox,
Security,
antivirus,
forensics,
malware,
Monitoring,
research,
honeynet,
honeypot,
botnet,
SQL Server
I just came across the Shadowserver Foundation. According to their mission:
The Shadowserver Foundation is an all volunteer watchdog group of security professionals that gather, track, and report on malware, botnet activity, and electronic fraud. It is the mission of the Shadowserver Foundation to improve the security of the Internet by raising awareness of the presence of compromised servers, malicious attackers, and the spread of malware.
This is a great resource to find out what’s happening “in the wild” and to help sell security protection to your organization. This is real stuff happening in the real world. For example, take a look at how detailed the blog entry is on the winzipices.cn SQL injection / malware attack. This gives you enough information to fight the threat and feel confident you understand it. Well done to the Shadowserver Foundation!
Thanks for your time. Let’s be good network citizens together &
practice safe networking!
