Cup Runneth Over
Aug 8, 2009

She said life's
too short to worry
She said life's
too long to wait
It's too short not
to love everybody
Life's too long to hate

It was probably a signed integer overflow is all

Potato Salad
Oct 23, 2014
Tortured By Flan

ThePagey posted:

So this question is going to be pretty vague, if only because I have literally 0 experience with the practical application of things beyond theory at this point and am going to be spending the next few months learning as I go, but I'm transitioning into a new role modernizing small businesses' security solutions and am curious what you guys think the best practices to implement might be. Assume I'm a complete loving idiot, if you don't mind (because I am).

I'm mostly looking for a suite of solutions that'll cover most of the things they'll need, given that most of the systems I've seen in small businesses pretty much boil down to what you'd find in a tech illiterate SOHO, things like fresh out of the box firewalls, factory setting routers, no intrusion detection software, etc etc.

This is probably a pretty broad question, but I trust you guys (lol) more than I trust just loving about on the internet looking for the best solutions blindly, so any help would be appreciated.

ETA: Also if anyone has any links or something that might be useful instead, I'll totally take those too.

Also ETA: I figure it's probably a good idea to give some context into what I'm familiar with. I've done IT administration with small businesses before in smaller roles, though it's mostly boiled down to building and configuring desktops, simple networks, and pretty simple help desk style troubleshooting. Tier 1 dabbling in more specialized stuff. I'm currently in a degree program for Cyber Security and Information Assurance, which is why I say I understand most of the theory and some of the fundamentals, though I haven't had any practical experience configuring secure environments just yet.

I've recently gotten some pretty dope offers from some friends-of-friends to do some IT work for them, and figure this is a good way to get some of that practical training, but seeing as they handle things like social security numbers and do credit checks, I don't want to just run in without doing research first and end up getting them hosed over.

I figure, bare minimum, I need to have a conversation with them about the basics of social engineering and best practices they can perform without much issue (like password strength, privacy filters, locking their loving computer screen when they step away), but seeing as most of these people fall into the "Click the phishing link because it offers to save them money" category of internet user, I want to try and make it as hands-off and idiot-proof as possible.

Honestly? Look at maybe getting Office365 E5 licenses and going full cloud based. You get so many simple-to-use DLP tools in a turnkey manner, and Defender ATP is maybe the most turn-key-see-results pseudo-SIEM/automated-DFIR tool you can buy right now if you're completely in an M365 environment.

Potato Salad
Oct 23, 2014
Tortured By Flan

I have hosed around enough with a client totally in 365 to know that, especially for someone with zero starting experience, your quickest path to passable defence is going to be to use a cloud environment that already does most of the hardest work (building detection response orchestration flows, consuming logs from your desktop and server fleet and actually building out decent alarms and investigation views with them, securing email, securing file sharing and implementing conditional access, MFA....)

....for you.

Potato Salad
Oct 23, 2014
Tortured By Flan

Triple post, but at best all that one person can do by themselves is set up a bunch of security products that do jackshit with each other, get old, and utterly fail to secure the environment against anything more intricate than a dictionary attack against your file shares.

Security requires buy-in and experience from every element of your infra team: your network employee, your storage and backup employee, every server toucher and developer, etc. If you don't have that, move to an every-feature-you-could-need cloud and call it a day.

Or just keep pretending that a perimeter VPN and an unpatched ASA make you secure.

If I woke up one morning and found myself magically in your position and couldn't quit, I would immediately want everything valuable in a cloud that by default is significantly more secure than what I've got presently, because suddenly the greatest bottleneck is my focus and attention.

Potato Salad fucked around with this message at Oct 21, 2018 around 14:22
