Page 1 of 2 12 LastLast
Results 1 to 10 of 18

Thread: Basic Small Office IT Security?

  1. #1
    Join Date
    Mar 2007
    Location
    Austin, TX, USA
    Beans
    56
    Distro
    Kubuntu 11.04 Natty Narwhal

    Basic Small Office IT Security?

    Simple Question, what is the basic security measures you'd recommend for a 3 man office?

    Security, unfortunately, is always a cost. It never brings in revenue. There is a trade off of security which prevents downtime vs expense of locking it all down.

    I've been an Ubuntu user for years, and have had to step up my knowledge of security when we began getting web hack attacks last year from China. I had to learn about dd-wrt and install a better firewall, but I know that firewalls are not the biggest hole but one that gets the most attention.

    Part of the answer lies in what we do, which is just oil and gas data warehousing. A breach would steal data which is only valuable to 100 companies on earth. Further the data is perishable, so after a year or two it is worthless. Thus, we've been more concerned with silo-ing our CRM and our main db.

    But I'd like to hear what else should we do. Setting up a snort station seems like a bit of a cost and overkill for a 3 man office. App-armor maybe?

    I've read the links on Basic Safety and some of the more advanced by bodhi.zazen Ubuntu Security.

    I know I need to meet the basic level, but beyond that I'd like to hear your opinions.
    The Institute for Mapping Technology offers GIS training using open source software and education on Deep Web Research

  2. #2
    Join Date
    Sep 2011
    Beans
    1,531

    Re: Basic Small Office IT Security?

    Totally depends on what you're running in your office. Do you have a file server? email server? web server? If so, separate machines or all one? What's facing the internet? Will everyone work from home and connect to the office remotely? What protocol?

    What platform is everything running on?

    I take it one of the 3 men in the office will deal with IT, but that person has other oil/gas responsibilities? How much time do you have to dedicate to IT services?

  3. #3
    Join Date
    Apr 2011
    Beans
    207
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Basic Small Office IT Security?

    Well - I very much doubt the pentagon or any other major security establishment have all their PC's exposed to the internet.

    One possible idea is to have two separate networks. One for internal use and one for internet use. You'd need twice as many computers but it would separate all your sensitive data from the web.

    Just an idea...
    You can take my trousers but you won't take my Freedom !

  4. #4
    Join Date
    Mar 2007
    Location
    Austin, TX, USA
    Beans
    56
    Distro
    Kubuntu 11.04 Natty Narwhal

    Re: Basic Small Office IT Security?

    Quote Originally Posted by Ms. Daisy View Post
    Totally depends on what you're running in your office. Do you have a file server? email server? web server? If so, separate machines or all one? What's facing the internet? Will everyone work from home and connect to the office remotely? What protocol?

    What platform is everything running on?

    I take it one of the 3 men in the office will deal with IT, but that person has other oil/gas responsibilities? How much time do you have to dedicate to IT services?
    That is the rub, one of us has to do it. I've got the most experience, so it'll likely be me. Outsourcing is likely to be too expensive. On the flip side my time is expensive, so I need to balance the time needed to defend 98% as the last 2% costs more to defend than a breach would cost.

    Most of our web hosting is external, but we have one webserver in house that also hosts a GIS stack. ssh, www, and VNC face out. SSH had attacks all the damn time until we shut that down. Apparently the Chinese put petrochemical targets on their priority list last year. We saw the honker nation knocking on our back doors.

    I joined OWASP and now know we need to tighten up some php code. So we'll get Top10 compliant later this year.

    Then we have two db, a Postgres and mySQL on a single box, dedicated. Only the db ports open to the world. rthunter runs nightly to look for suspicious stuff.

    And one accounting machine faces the web, vnc port only.

    After we're done some security upgrades recommended here, we'll hire a pen tester to test us and then fix more from that analysis.
    The Institute for Mapping Technology offers GIS training using open source software and education on Deep Web Research

  5. #5
    Join Date
    Apr 2008
    Location
    LOCATION=/dev/random
    Beans
    5,767
    Distro
    Ubuntu Development Release

    Re: Basic Small Office IT Security?

    Quote Originally Posted by Grandma_DOG View Post
    And one accounting machine faces the web, vnc port only.
    First step is to stop exposing VNC to the internet. VNC is inherently insecure and the password can be cracked in seconds. If you must use VNC for whatever reason then bind it to accept connections from localhost only and use SSH tunnelling to connect.
    Cheesemill

  6. #6
    Join Date
    Sep 2011
    Beans
    1,531

    Re: Basic Small Office IT Security?

    Quote Originally Posted by Grandma_DOG View Post
    Most of our web hosting is external, but we have one webserver in house that also hosts a GIS stack. ssh, www, and VNC face out. SSH had attacks all the damn time until we shut that down. Apparently the Chinese put petrochemical targets on their priority list last year. We saw the honker nation knocking on our back doors.
    As far as ssh goes, it's normal for bots crawling the web to brute-force your ssh password. I presume that you have followed the security recommendations (use keys, disable password login) here?

    https://help.ubuntu.com/community/SSH

    For the rest of security, I recommend you do some reading.
    Google for a PDF: NIST SP 800-123, Guide to General Server Security

    You may seriously consider hiring a contractor to set up the system and to give you some routine tasks that you'll need to do to maintain the system. Get some quotes, then compare that to the cost of your time that it will take to get the same thing done.

  7. #7
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 16.04 Xenial Xerus

    Re: Basic Small Office IT Security?

    Quote Originally Posted by Grandma_DOG View Post
    Then we have two db, a Postgres and mySQL on a single box, dedicated. Only the db ports open to the world. rthunter runs nightly to look for suspicious stuff.
    Is there a reason your DB servers are exposed to the internet?

    And one accounting machine faces the web, vnc port only.
    Is this a Windows box? Why are you running VNC?

    After we're done some security upgrades recommended here, we'll hire a pen tester to test us and then fix more from that analysis.
    If you hire a pen tester, they are going to have fun owning your network.
    Come to #ubuntuforums! We have cookies! | Basic Ubuntu Security Guide

    Tomorrow's an illusion and yesterday's a dream, today is a solution...

  8. #8
    Join Date
    Sep 2011
    Beans
    1,531

    Re: Basic Small Office IT Security?

    Quote Originally Posted by CharlesA View Post
    If you hire a pen tester, they are going to have fun owning your network.
    You will be TOTALLY wasting your money for a pen test if you haven't employed basic security measures first. But that will require research on your part or hiring a pro to do it for you.

  9. #9
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 16.04 Xenial Xerus

    Re: Basic Small Office IT Security?

    Quote Originally Posted by Ms. Daisy View Post
    You will be TOTALLY wasting your money for a pen test if you haven't employed basic security measures first. But that will require research on your part or hiring a pro to do it for you.
    Agreed.
    Come to #ubuntuforums! We have cookies! | Basic Ubuntu Security Guide

    Tomorrow's an illusion and yesterday's a dream, today is a solution...

  10. #10
    Join Date
    Mar 2007
    Location
    Austin, TX, USA
    Beans
    56
    Distro
    Kubuntu 11.04 Natty Narwhal

    Re: Basic Small Office IT Security?

    Quote Originally Posted by CharlesA View Post
    Agreed.
    I agree, too.

    Which is why we need to button up first. The question is how much.
    The Institute for Mapping Technology offers GIS training using open source software and education on Deep Web Research

Page 1 of 2 12 LastLast

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •