Solved

Any Reliable IT Security Consultants in LA?

Posted on 2011-09-12
4
307 Views
Last Modified: 2012-05-12
A CEO friend is concerned that the head of his IT department may be abusing privileges and poking into things he shouldn't be. The guy seems to know a lot about incoming e-mails, documents, and other stuff that should be private.

Without going into details, the CEO doesn't want to take my initial recommendation (fire the guy immediately). He'd rather keep him and instead take away temptation by locking down areas of the network like the contents of the mail server or the CEO's personal hard drive / network share that aren't necessary for the guy to do his job -- or at least have some tools to monitor and notify him of internal abuse.

I feel for my friend and really want to help him out. He's great at running his company but knows nothing about IT. I realize this probably ends up with the IT guy out on his ear, but before that happens, can someone please recommend a great, reliable LA-based consultant who can come in, review policies, and help put some controls in place?
0
Comment
Question by:RedmondGuy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 7

Accepted Solution

by:
Jacobfw earned 167 total points
ID: 36526884
I am going to suggest that he saves his money from a consultant and understand that any IT personnel that has lost the confidence of the CEO needs to go.   Any consultant that would take his money and promise to lock down the network to such a degree so going to need ongoing access to ensure compliance with these new policies.  Can he trust the consultant?

IT must be above suspician or be subject to audit and review.  In a little shop, it just comes down to trust.

Jacob
0
 
LVL 32

Assisted Solution

by:aleghart
aleghart earned 333 total points
ID: 36527214
I hate saying 'me too'...but Jacobfw is on the money.

The head of IT in a small company can see everything.  If it's locked down...the master admin is the person who would lock it down _and_ open it up again.

Even in "no admin access" situation like contracted storage, the admins supposedly have no direct-access to bit-level storage, thus there are no files to see.  But, they could gain access to web page logins, thus giving the files up while logged in as the original user.

Access need be logged and monitored and audited.  You can see simultaneous logins or logins from disparate locations (20 miles but only two minutes apart).  In a small business there isn't that level of monitoring (generally).

A partial solution is 100% monitoring of all workstations with a product like Spector360.  But, again, the master admin is the person with rights to exclude workstations or time periods, or could attach a personal computer that is not monitored.

Exchange's Outlook Web Access (OWA) makes it incredibly easy to log in as another user on the fly, read message traffic, then logout again.  This makes email snooping easy from any location that has web access to the mail server.

At the very least, even if access is "allowed", the admin's job is discretion.  Maybe I know that the IRS is setting up an audit next week.  I wouldn't talk about it.  Maybe I know that XYZ is getting a divorce or has a wage garnishment...I wouldn't blindside a co-worker with advice or sympathy...it's out of line.

Even a congratulations to a buddy for a pay-raise...because you saw some HR traffic or files...would be grounds for reprimand or dismissal in some larger organizations.

People _do_ snoop.  That's why there are controls and expectations.  Obviously, with an admin, controls are a problem. Expectations should be made clear.  Has the CEO ever made the expectations of privacy clear?  The old-school 'god complex' can still be found with some admins.  If the person was hired with no guidelines, he/she would naturally adopt established patterns of behavior.

You can't take away the priveleges without hiring another admin or consultant with more priveleges and experience in counter-snooping (if that's a technical term).  Now you have another heap of problems to deal with.  Dueling admins could be destructive.
0
 
LVL 32

Assisted Solution

by:aleghart
aleghart earned 333 total points
ID: 36527224
"....unless you manage all aspects of Exchange by yourself, you are going to have to delegate some administrative tasks and therefore trust those responsible for these tasks...."

From this page on expanding the Exchange server monitor to log more than just the last login.

0
 

Author Closing Comment

by:RedmondGuy
ID: 36530577
Not exactly as asked, but can't fault the logic.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are looking at this article, you have most likely been hit by some version of ransomware and are trying to find out if there is anything you can do, or what way you should react - READ ON!
Many old projects have bad code, but the budget doesn't exist to rewrite the codebase. You can update this code to be safer by introducing contemporary input validation, sanitation, and safer database queries.
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question