
Comment Security Enforcement (Score 2) 106

You stated a machine base of 10% Linux; I am assuming that a good percentage of the remaining un-managed boxen are Windows.

I agree with most of the statements that suggest firewalling, security policy, etc.

Your problems, in my opinion, will be the enforcement of the policy, creating a policy, implementing the policy, and user complaints based on the policy.

Implementation will be one of the hardest aspects (besides enforcement). You will have to assume that the majority of your users are idiots, and write comprehensive step-by-step documentation that will lead them by the hand through the process of securing their machines.

Enforcement of the policy will also be hard; a simple port scan or external security tool run will catch blatant violations. Where I see problems is in the realm of the more subtle aspects, things that can only be checked by internal access to the machine. Do you have the manpower/inclination/time to run around and check all the machines that are in use?

The solution, IMHO, is to combine good firewall policy with good internal security policy (someone who knows the numbers can point out how many security violations are internal), both of which need to be combined with user education as to why security should matter to them.

Keep in mind, though, that as soon as the firewall goes up and the policy becomes enforced, you will get complaints from all manner of users, asking why "the thing they did yesterday" doesn't work today, with little to no more information.

Sorry I'm rambling.
