Domain: trigeo.com
Stories and comments across the archive that link to trigeo.com.
Comments · 14
-
Thank Heavens for Competition
Try something that works WITH you as a SECURITY appliance, as opposed to yet another sales opportunity. There is lots of competition that easily beats MARS in functionality, ease of use and comprehensive support. TriGeo, for one.
-
Re:Read Only Drives
Impractical, because it requires you to dedicate a drive to the stuff that can be mounted RO. Just mount the PARTITION read-only, instead.
If you have more than one machine, get a dedicated syslog server and send the logs from the other machines over to it. This way logs aren't on the main machines and it is much harder to compromise the audit trail.
For businesses, get something like a Trigeo appliance and keep an eye on the behavior of everything.
Make sure all your permissions/rules are based off the concept of "default deny, explicit allow".
You could also built a monolithic kernel and not allow modules at all. Kind of hard to insert a corrupt module if the kernel isn't modular!
Charles -
Re:Simple solution...
They were all heavily regulated industries, like banks and investment institutions.
Many had viruses that were found to have originated from web-based e-mail, causing major headaches and lots of downtime. I had this happen once at a hospital and that was all she wrote for web-based e-mail.
Many viruses contain their own SMTP engine, so the easy way to detect and neutralize them is to have your firewall block port 25 communications to/from any system EXCEPT your authorized mail servers. Your monitoring agent should light up like a Christmas tree when you do this and get infected.
Some of the managers were seriosuly anal. I had one guy tell me "I pay them for 40 hours worth of work, I don't want to see ONE MINUTE of web browsing or personal e-mail." This company later offered me a permanent position. I politely declined.
Others allowed time-based holes, such as lunch hour and after hours for general browsing.
Many took the sane route. Announce, log, monitor and then only go after serious offenders. Block the serious sites flat out, like porn and gambling. Then, if necessary, traffic shape to other sites or block by MAC address.
Again, you really need some dedicated people. This is NOT an afterthought or part-time job if you organization has more than 20 people.
I used to work for a company that had an excellent product that could interface with this. TriGeo Network Security's SIM would be perfect in this situation.
Charles -
This is a very big market...
...for tools like this one. Banks and other regulated industries are all over it.
-
Re:What is your favourite tool?
In that list only two "information management" or "intrusion management" applications are listed. GFI Languard (actually mentions lanscan but calls it Languard) and possibly etherape. There is no mention of any commercial products (Contego NetIQ Tivoli Risk Manager ArcSight NeuSecure) or free (ACID SnortSAM) products.
What is your opinion of this class of products in their ability to allow a network admin to be knowledgable about the security of their own network and respond to threats? -
SIM Solution for HIPPA compliance
SIM Solution for HIPPA compliance
TriGeo Network Security -
SIM Solution for HIPPA compliance
SIM Solution for HIPPA compliance
TriGeo Network Security -
SIM Solution for HIPPA compliance
SIM Solution for HIPPA compliance
TriGeo Network Security -
SIM Solution for HIPPA compliance
SIM Solution for HIPPA compliance
TriGeo Network Security -
SIM Solution for HIPPA compliance
SIM Solution for HIPPA compliance
TriGeo Network Security -
SIM Solution for HIPPA compliance
SIM Solution for HIPPA compliance
TriGeo Network Security -
SIM Solution for HIPPA compliance
SIM Solution for HIPPA compliance
TriGeo Network Security -
SIM Solution for HIPPA compliance
SIM Solution for HIPPA compliance
TriGeo Network Security -
Would you like to know more?