Solved

Any Reliable IT Security Consultants in LA?

Posted on 2011-09-12
4
306 Views
Last Modified: 2012-05-12
A CEO friend is concerned that the head of his IT department may be abusing privileges and poking into things he shouldn't be. The guy seems to know a lot about incoming e-mails, documents, and other stuff that should be private.

Without going into details, the CEO doesn't want to take my initial recommendation (fire the guy immediately). He'd rather keep him and instead take away temptation by locking down areas of the network like the contents of the mail server or the CEO's personal hard drive / network share that aren't necessary for the guy to do his job -- or at least have some tools to monitor and notify him of internal abuse.

I feel for my friend and really want to help him out. He's great at running his company but knows nothing about IT. I realize this probably ends up with the IT guy out on his ear, but before that happens, can someone please recommend a great, reliable LA-based consultant who can come in, review policies, and help put some controls in place?
0
Comment
Question by:RedmondGuy
  • 2
4 Comments
 
LVL 7

Accepted Solution

by:
Jacobfw earned 167 total points
ID: 36526884
I am going to suggest that he saves his money from a consultant and understand that any IT personnel that has lost the confidence of the CEO needs to go.   Any consultant that would take his money and promise to lock down the network to such a degree so going to need ongoing access to ensure compliance with these new policies.  Can he trust the consultant?

IT must be above suspician or be subject to audit and review.  In a little shop, it just comes down to trust.

Jacob
0
 
LVL 32

Assisted Solution

by:aleghart
aleghart earned 333 total points
ID: 36527214
I hate saying 'me too'...but Jacobfw is on the money.

The head of IT in a small company can see everything.  If it's locked down...the master admin is the person who would lock it down _and_ open it up again.

Even in "no admin access" situation like contracted storage, the admins supposedly have no direct-access to bit-level storage, thus there are no files to see.  But, they could gain access to web page logins, thus giving the files up while logged in as the original user.

Access need be logged and monitored and audited.  You can see simultaneous logins or logins from disparate locations (20 miles but only two minutes apart).  In a small business there isn't that level of monitoring (generally).

A partial solution is 100% monitoring of all workstations with a product like Spector360.  But, again, the master admin is the person with rights to exclude workstations or time periods, or could attach a personal computer that is not monitored.

Exchange's Outlook Web Access (OWA) makes it incredibly easy to log in as another user on the fly, read message traffic, then logout again.  This makes email snooping easy from any location that has web access to the mail server.

At the very least, even if access is "allowed", the admin's job is discretion.  Maybe I know that the IRS is setting up an audit next week.  I wouldn't talk about it.  Maybe I know that XYZ is getting a divorce or has a wage garnishment...I wouldn't blindside a co-worker with advice or sympathy...it's out of line.

Even a congratulations to a buddy for a pay-raise...because you saw some HR traffic or files...would be grounds for reprimand or dismissal in some larger organizations.

People _do_ snoop.  That's why there are controls and expectations.  Obviously, with an admin, controls are a problem. Expectations should be made clear.  Has the CEO ever made the expectations of privacy clear?  The old-school 'god complex' can still be found with some admins.  If the person was hired with no guidelines, he/she would naturally adopt established patterns of behavior.

You can't take away the priveleges without hiring another admin or consultant with more priveleges and experience in counter-snooping (if that's a technical term).  Now you have another heap of problems to deal with.  Dueling admins could be destructive.
0
 
LVL 32

Assisted Solution

by:aleghart
aleghart earned 333 total points
ID: 36527224
"....unless you manage all aspects of Exchange by yourself, you are going to have to delegate some administrative tasks and therefore trust those responsible for these tasks...."

From this page on expanding the Exchange server monitor to log more than just the last login.

0
 

Author Closing Comment

by:RedmondGuy
ID: 36530577
Not exactly as asked, but can't fault the logic.
0

Featured Post

Save the day with this special offer from ATEN!

Save 30% on the CV211 using promo code EXPERTS30 now through April 30th. The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The next five years are sure to bring developments that are just astonishing, and we will continue to try to find the balance between connectivity and security. Here are five major technological developments from the last five years and some predict…
This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

680 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question