Re: OT: Educating users about Security

Top Page
This message is part of the following thread:
M---\the complete thread tree sorted by date
M--\M-+\Alan Dayley at <-
M+\MM\MMJim at ->
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: Jim
Date:  
To: plug-discuss
Subject: Re: OT: Educating users about Security
There's been some talk about convincing the boss of the need to improve
the security of their network. I'll tell you about what happened at a
place I worked at.

When I started, the office's internet access was limited to a dialup
connection. Sometimes the developers needed to download large files, 15MB
or larger. When this happened, I was sent to Glendale Community College
with a zip disk. The comany also didn't have any anti virus software.

One day we finally got a T1 line, but still no anti virus software. The
T1 line went into the server which was an NT4 box.

Eventually the boss bought anti virus software and had me help him install
it on all the machines in the office. The next day one of the developers
told the boss that one of the machines he used appeared to be infected. I
was sent to the machine to fix the problem. I had Sophos scan every file
on the machine. It found over 90 seperate viruses. Not 90 infected
files, but over 90 individual viruses.

Eventually the boss decided to set up a linux box to protect the NT box
from the internet. One thing I did often was install new patches on the
workstations the employees used. The boss looked after the server itself.

One Monday I got to work and found I couldn't log into the network. When
he got in the boss looked at the server and found that the Friday
afternoon before, a customer had emailed us a 7MB database. There was no
problem here as we were expecting it, but something somewhere went wrong
and multiple copies of that file kept coming in. Over the weekend the C:
drive on the server filled up.

One morning the boss found out that someone had hacked the linux box. He
removed it and plugged the T1 line into the NT server. The next day I
found out that although the boss always had me going around and installing
patches on the workstations, he never installed any on the server. Nobody
could log in that morning. It turns out someone had hacked the server
overnight and filled the C: drive with warez and porn.

There wasn't much room for the hackers. The C: drive had about 750MB of
free space. The os, mail spool and everything else the server used was on
the C: drive. The stuff the users shared was on the D: drive.

Go figure.

--
In 08 vote for a crook you can trust.
Del Boy for President.
http://www.ofah.net

---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

This message was posted to the following mailing lists:
Plug Discuss
Mailing List Info | Nearby Messages		<-Re: OT: Educating users about SecurityRe: OT: Educating users about Security->
Some Mailing List Archive administrated by UnconfiguredLurker (version 2.3)