I’m a It Director at lasrge Media firm in NY. Looking at the security overhaul in the recent months and business looking to cxonsolidate the offices enviornment the talk of the town is to have ALL IN One device which does Firewall,IDS,VPN etc. I thought layerd security approach was the way to go but it seems some security groups have different ideas about the implementation. What are your thoughts about the products like Cisco ASA and Fortinet device?

Does Nortel has something comprable to Cisco ASA device?

Thanks in advance for your response.

Regds

I realize you have a variety of options when it comes to choosing a Windows line of defense, but I’m trying to get a sense of how many people actually lock down Windows at the data level. Do you invest most of your protection efforts at the data, perimeter or network level? What measures do you take to keep your Windows data secure even if the perimeter is compromised? Do you have data protection plans or products in place?

Another issue is that networks and applications are often treated as separate entities that never interact. This may be because they have different people maintaining them, unique security policies, etc. Is this the case in your shop?

I’m collecting this information for possible technical tips or a trends article on SearchWindowsSecurity.com.

Thanks for your time and attention. I hope to hear from you soon.

Best regards,
Robyn Lorusso
Editor
SearchWindowsSecurity.com

http://searchwindowssecurity.techtarget.com/

He specifically said: “I ended up taking over the security functions because no one else was looking after them. I’ve learned a lot (enough to know there’s so much more to learn), earned my CISSP and started specializing in MS Windows security. I never really set out to do that though.”

Does this sound familiar to you? Were you recently or temporarily assigned Windows security responsibilities because they weren’t being handled? Did you choose to take over Windows security on your own? How long have you been working at it, or plan to?

Any feedback is appreciated. I will include comments in a story for SearchWindowsSecurity.com. I’m just trying to get a sense of how people got into the Windows security field, how long they’ve been in charge of securing Windows systems and if they plan to stay there.

You may contact me publicly or privately. Thanks for your time and attention!

Best regards,
Robyn Lorusso
Editor
SearchWindowsSecurity.com

http://searchwindowssecurity.techtarget.com/

I’m in a position to redesign our IT systems (network, servers, PCs, software, etc.) this summer, and I am undecided on which path to take. I’d like to disconnect our systems from the Internet so that we don’t have to deal with all of the garbage that comes from the Internet via e-mail, browsing, etc. However, I also need to provide Internet access for our company to run its business.

My company has about 50 employees and all have computer
accounts, e-mail and Web access. I’m looking for an innovative solution in which we are not dependent on an arsenal of prevention and detection hardware and software, but instead I’d like our systems to not be vulnerable in the first place. For example, our e-mail gets scanned through four virus detection systems, and we still have seen viruses pass right through since updated virus definitions were not available in time. Yes, we could switch to Macs or Linux or some other less popular systems, but eventually they too will become targets.

So I’m hoping that there is enough good technology available such that we can design an invulnerable system (and/or procedure) for safe computing. As an analogy, we can get lots of advertising in our home snail mailbox, but all we have to do is throw out the stuff we don’t want, so only the good mail gets in through our front door. Similar idea regarding a bookstore or library — we go there to read, watch videos, checkout books or buy books to bring home. So how can we do that in the computer world? Perhaps some kind of user sandbox for any Internet related activity — e-mail viewing, browsing, downloading, streaming video, etc?

I’ve seen several possible solutions — ShadowUser and ShadowSurfer, DeepFreeze and FreezeX, using a thin client connecting to a Citrix server that runs a Web browser and e-mail program (i.e. Internet Explorer and Outlook), etc. The big issue I see with some of these sandbox or freeze programs is that there are some changes that need to be made to a PC or a user’s profile as part of their business use of the PC. It seems that it would be difficult to freeze some parts of the profile and/or registry but not others due to the underlying Windows design. One other thought is to buy some one appliance that does it all regarding prevention and detection of bad stuff (however I’d buy this device regardless of my final strategy as a backup filter). I spend a good deal of my time with security issues when my time should be spent improving the IT systems and helping our users take more advantage of software that can help their jobs and the company in general.

I was hoping that someone might have some suggestions? There must be a simple strategy to keep our systems safe other than pulling the Internet plug.