Posted by S. Pidgorny on September 19, 2008, 7:54 pm
G'day:
Malke wrote:
> Vic wrote:
>
>> So, what I have done, and let me know if this will take care of the
>> problem, is I've unplugged their wireless router from our network until I
>> can contact their technical person ( which will be my next call, pending
>> your reply) and tell him to call someone to add network drops to their
>> router and plug his wireless router into his own network switch.
>>
>
> Not exactly. It's a good step, but I'd:
>
> 1. Have the security professional come in and take a look at your network.
>
> 2. Consider flattening/reimaging your workstations and server. You have no
> idea whether they've been compromised. The security professional - not
> theirs, *yours* - needs to make this determination.
>
> 3. If you aren't regularly imaging your workstations and server, you need to
> do this. Ditto for backups and creating a disaster recovery strategy.
>
> 4. I'm sure the security professional will also suggest that your server and
> networking equipment should be in a locked room accessible only to a very
> few authorized personnel.
>
> Malke
Disconnecting the wireless bridge may be the only option immediately
available. Following your recommendations, however correct, will take
time and probably need to involve more people making decisions. While
investigations are pending and there is no evidence of systems'
compromise and data theft, continuing business as usual is pretty much
the only available option.
I would say, conceptually, that connectivity should go via
bank-controlled router/switch to avoid situations like that.
--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-
* http://sl.mvps.org * http://msmvps.com/blogs/sp *