Fortune 1000 Spam
If industry is bad, just imagine government...

The Register (via Slashdot) explores the volume of spam and phishing scams that originate from Fortune 1000 networks. While many bots are poorly secured residential PCs on broadband connections, those same users, of course, have work PCs, too -- many of them at companies like Best Buy, Oracle and HP. "If all these Fortune 1000 companies can have bots running on their systems," says one security analyst, "what do you think is happening to government [systems] in Kansas and Mississippi?"

I can attest to that!
I worked in a huge company where machines were compromised at least once a month.
I think giving all end users admin rights on their machines is not a good idea. My new company does not allow admin rights for end users. It creates additional work for IS but the payoff is that you assist the end user in not being a danger to themselves or anyone else.
-- The only place where Success comes before Work is in the dictionary.

Re: I can attest to that!
Here is one possible solution......all users running Citrix desktop sessions, locked down, no admin rights..... user doesn't like it, tough.... company policy...

openbox9 join:2004-01-26 Alexandria, VA kudos:2
Re: I can attest to that!
Riiiight. That's a great policy if you have top-down support. In my experience, the top are often the first ones to violate (or direct violation of) policy.

Re: I can attest to that!
said by openbox9: Riiiight. That's a great policy if you have top-down support. In my experience, the top are often the first ones to violate (or direct violation of) policy.
In my new company, not even the CEO has admin rights. Lol! It is a top-down policy. Some people have it (very, very, very (did I say very?) few).
For the most part, the ones who are dangers to themselves don't have it. Also, Corp IS has two separate accounts:
- One User account
- One Account Operator or another type of Admin account.
We work using mostly Citrix or Remote Desktop connections to ticketing system, remote control tools, etc. That way, we can still work on issues and log tickets but still locally logged in using a User account.
-- The only place where Success comes before Work is in the dictionary.

openbox9 join:2004-01-26 Alexandria, VA kudos:2
Re: I can attest to that!
It's great that you have support from the top. That hasn't been my experience. Granted, I do think the situation is changing, just not as fast as us geeky types would like.

said by openbox9: Riiiight. That's a great policy if you have top-down support. In my experience, the top are often the first ones to violate (or direct violation of) policy.
If that is the case, then they get what they deserve.... the bad thing about that is, they come down on your head for their ignorance.....
In our line of work (elder healthcare), even upper management HAS to toe the line as far as IT policies, if HIPAA compliance is to be met. Too much at stake!!

openbox9 join:2004-01-26 Alexandria, VA kudos:2
Re: I can attest to that!
I made the comment below that until corporations experience financial implications, network/computer security simply aren't a concern. HIPAA provides that financial implication and therefore you will have positive response from the top.

Oleg (Bellsouth Fastaccess, Premium) join:2003-12-08 Birmingham, AL
said by fatmanskinny: I worked in a huge company where machines were compromised at least once a month. I think giving all end users admin rights on their machines is not a good idea. My new company does not allow admin rights for end users. It creates additional work for IS but the payoff is that you assist the end user in not being a danger to themselves or anyone else.
What about crackers? It takes me less than 5min. to get Admin rights on any Windows based PC.

Re: I can attest to that!
With physical access, right?

Oleg (Bellsouth Fastaccess, Premium) join:2003-12-08 Birmingham, AL
Re: I can attest to that!
Yes.

bigjimc join:2003-04-21 Middleboro, MA
Why doesn't the government prosecute them
Oh yeah, any AG that would file charges against a Fortune 1000 company would be fired for some reason.
-- Just my 2 cents...Flame Lightly...

morbo ("Complete Your Transaction") join:2002-01-22 00000
Re: Why doesn't the government prosecute them

Re: It all comes down to administration
As an admin, I can add this:
- Corporate doesn't see the problem
- Management won't allocate resources or money
Comes down to spending money on marketing and less on systems. Rather you just reinstall OS (waste your time), and blame you for wanting a budget for tools, hardware, upgrades, licensing, software...
Used to work with an admin "gestapo" that almost punched several users. He even had a 5-button door pad to his office (he would yell at his fiance on the phone and we could hear it all day...glad we got him to leave). Then I worked with a department head that felt passwords were a hindrance.

Re: It all comes down to administration
said by cableties: Then I worked with a department head that felt passwords were a hindrance.
Gotta love those employees who feel passwords are a hindrance to their work. I usually respond with "well, I will make a deal with you. I will remove all passwords from your computer accounts if you remove all locks and security systems (including firearms) from your home and car and provide the address of where you live."
How quickly the complaints about passwords disappear.....
-- The only place where Success comes before Work is in the dictionary.

devrandom ("I got a pot, full of random stuff here", Premium) join:2003-06-28
said by Nightfall: It is stories like that and this one that amaze me. Why are some good network admins without jobs these days?
I read in an article once (and I'm forgetting who it was actually by, but it may have been one by Bruce Schneier) that pretty much summed up the answer to your question -- good IT practices are undervalued because tangible results are never seen by the people who fund it.
Action (buying tons of useless advertising hours on TV) = Profit
Prevention = ?? (but does = profit as any sane person who works in IT will know).

openbox9 join:2004-01-26 Alexandria, VA kudos:2
said by Nightfall: Why are some good network admins without jobs these days?
Because bad network admins cost less money? In Corporate America, the bottom line is what matters. Until lack of security genuinely affects the bottom line, nothing will change.

Re: It all comes down to administration
said by openbox9: said by Nightfall: Why are some good network admins without jobs these days? Because bad network admins cost less money? In Corporate America, the bottom line is what matters. Until lack of security genuinely affects the bottom line, nothing will change.
TJX ?
-- "It's always funny until someone gets hurt......and then it's absolutely friggin' hysterical!"

said by Nightfall: It is stories like that and this one that amaze me. Why are some good network admins without jobs these days?
Here is a perfect example.
I left a nice admin job with good pay, with a Fortune 500, for a support role with another Fortune 500.
From experience I can tell you that most of the "good" admins get let go because they don't get paid enough to deal with the crap they did.
I was making nothing compared to other managers at the first Fortune 500. Actually less than half. The network ran smooth as silk, every box was clean and quiet, and we actually moved away from 2 DS3s to just 1 with a private fiber link to our other buildings. This saved us roughly $18k a month.
I made a couple very critical mistakes in trusting managers close to me.
I had slashed the energy use in my managed offices by 70% by using smarter things than just cutting a person. Things like LCD panels instead of CRTs everywhere. The cost was recouped in 3 months. Other things like setting PCs to sleep when not used for 2 hours. But left wake on LAN on so our server could wake the system for updates and reboots. And some other cool things that saved so much money they could actually have built a whole fiber ring to all of our offices and dropped another DS3 in and let us lease out service to carriers.
In short the managers stabbed me in the back and took credit for it all because they signed the ROI papers on my week off. So after a couple months they started getting promotions and raises. I got crap except "how come you never thought of that."
2nd company was a joke. I walked in and saw so much waste I couldn't handle it. Loaded ProLiant servers, serving internal webpages for 1 group of 12 people! Every blade was loaded to the hilt with RAM as well. I quickly found out that the people were using it to host LAN games and having their friends outside running it as a public server for their clan. I made changes and turned it all off.
Well I must have offended a boss's minion because 2 weeks later I was pulled into the office and let go. They "laid" me off citing cuts. They said I made too much and they couldn't keep paying me all this money to support this building. I looked in amazement as the guys would come in at 9 or 10, leave at 4 and take 2 hour lunches. Like it was a country club!
Now I am actually supporting many Fortune 500s sitting in a cubicle and not getting paid as much but loving the whole group of people here and the lifestyle.
I want to get back into working in that environment because I am that type of person, but they won't pay for it because Mr. CEO needs 30 mill a year. It's absolutely crazy.
BTW I actually ask for less than market and usually get raises within the first 3 months. But now I see why many ask for huge increases in pay.
-- "It's always funny until someone gets hurt......and then it's absolutely friggin' hysterical!"

Re: SPAM , the problem just continues to get worse.
said by antiphishing: I have seen state agencies computers and local library free access computers infected with spyware and adware. Nothing is done about the problem because the people who run those computers are clueless about internet security. The local libraries are more worried about patrons doing damage than the real risk of scum on the internet accessing their computers. They are clueless to realize that their computers can be used as botnets to spread the problem of junk email. It's only after their computers get damaged or someone complains do they take action, which then they become paranoid and make more rules to protect themselves. It's always the person who uses the computers fault when it comes to these kinds of things. They are just too ignorant to look at the big picture of someone from another country accessing their computers across the internet.
You'd think they would make a logon/off script that ftp'd the number of processes running, and the names, for each machine at the end of the day. They should ALL be running the same identical image, so if anything odd occurred, they'd know right away...
-- SIPPhone/Gizmo # 17476200648 / PIMPNET Chatline / Ran by Asterisk & Slackware 10.1.

antiphishing ("Phishing Scam Terminator", Premium) join:2004-06-09 Wilkes Barre, PA kudos:2
Re: SPAM , the problem just continues to get worse.
said by phattieg: said by antiphishing: You'd think they would make a logon/off script that ftp'd the number of processes running, and the names, for each machine at the end of the day. They should ALL be running the same identical image, so if anything odd occurred, they'd know right away...
You know that would be way too easy and still most people would just ignore any warning no matter how serious they were. Holy sh@@ my warning icon (above) just went off, better go check my Windows processes.
-- Specializing in "takes downs" of phishing and advance fee scams. Send your Phishing/Advance fee scams to: phish@antihotmail.com

Many anti-spyware programs such as adaware are banned by our IT people. They have no replacement for it though.

woody7 (Premium) join:2000-10-13 Torrance, CA
hmmmm......
I know this sounds simplistic, but at the school I work at has "DeepFreeze" on all the computers, and we just reboot after each user, that along with limited user privileges we don't have much of a problem. That with a policy of IT is the only one that installs programs, seems to work great. (but it wasn't always that way) JMT
-- BlooMe

haertig join:2000-12-31 Broomfield, CO
Re: hmmmm......
quote: That with a policy of IT is the only one that installs programs, seems to work great.
That approach might be fine for libraries and maybe schools, but it won't fly when your employees are developing and writing software. Policy: "Nobody installs executables except IT". Employee: "But my job is to write executables!"

Re: hmmmm......
said by haertig: quote: That with a policy of IT is the only one that installs programs, seems to work great. That approach might be fine for libraries and maybe schools, but it won't fly when your employees are developing and writing software. Policy: "Nobody installs executables except IT". Employee: "But my job is to write executables!"
We have that issue here.....you have to make exceptions for certain people if their job requires it. In that case, you have to just keep your anti-virus software up to date and hope for the best.
In our setup using Trend, if a workstation/server is found to be infected, an automated email is sent to most of IT and desktop support showing the machine name and userid of the offending person.....the IT people don't like to get ribbed by others when their machine gets infected!!
Here is a sample:
Virus alert.
TROJ_Generic is detected on V206JYDZA979(userid) in XXXXX domain.
Infected file: C:\updaterInstall_112.exe
Detection date: 3/29/2007 11:16:58
Action: Delete

DeepFreeze == bad
The big problem with DeepFreeze is that people use it as an excuse not to bother even trying to secure the computer, and never update their master images with the latest security updates.
The result is that master images get stale and vulnerabilities add up and the systems are perpetually infected with network worms. Even if you shut them all down to be refreshed, there are usually one or two machines somewhere on the network that are infected and still up, which makes refreshing a PC futile.
I've seen the scenario I've described above play out myself at schools I've visited and heard of it from a security consultant who had visited other schools that use DeepFreeze.
If your school is using DeepFreeze along with limited user accounts, I say they are wasting money on a grand scale. Limited accounts along with deploying security updates in a timely manner is just as, or more effective than band-aid, bad-habit-inducing programs like DeepFreeze.
-- Hate your enemies. Save your friends. Find your place. Speak the truth.

quetwo ("That VoIP Guy", Premium) join:2004-09-04 East Lansing, MI
Re: DeepFreeze == bad
At our University, we use Rembo, which allows our "IT" staff to slipstream images into the PCs on next boot. Works like a charm, and they get updated once a month at the very worst.
Oh, and we don't have firewalls, IPSs, etc. Every PC on campus has a 35.0.0.0/8 address.

woody7 (Premium) join:2000-10-13 Torrance, CA
Re: DeepFreeze == bad
I can understand software developers not liking this, at home I use "true Image" and that isn't a problem. You need some kind of solution for various users, or you would be spending all your time / resources cleaning them up. School has a lot of intelligent people, but you wouldn't know it by the way they act. When something goes horribly wrong, they expect you to drop what you are doing and fix it. They don't even want to spend $10 dollars on a flash/pen drive to back up their data.. and then can't understand why it is lost...and 9 out of 10 times it is something they have done... Ours is "deepfreeze" enterprise, they are on a domain, with group policy in place, thawed space to save to, and yes it is a pain to install programs for them, but only with the district's approved apps (licensing wise, can't install same program on 10 computers unless you have the license..etc.). I'm not an enforcer, but I just say then let the district do it...seems to work every time. This seems to work, and not a lot of complaints. Is this for everyone, no, but for schools and libraries, internet cafes etc, it is a good solution. JMT
-- BlooMe

sporkme ("drop the crantini and move it, sister", Premium, MVM) join:2000-07-01 Morristown, NJ
Thank MS and the MCSE culture...
There are so many bad admins because they are focused on Windows technologies rather than general networking and internetworking knowledge.
For example, anyone with a smidgen of common sense and a basic understanding of network security would not have PCs in a "Fortune 1000" company set up in such a way that they can connect outbound to port 25. The network design should not make that a requirement (connecting to arbitrary outside hosts). There are plenty of simple, logical ways to protect the internet from Windows boxes...

joebarnhart ("Paxio evangelist") join:2005-12-15 Santa Clara, CA
Re: Thank MS and the MCSE culture...
Exactly! I was going to ask about this. It seems like the logical solution is to block the SMTP port (25) so 'bots can't send email. There's no good reason for the PC to be sending mail directly (i.e. not through the company's mail system). I even set up my home network this way. Plus, looking at the firewall logs to see who's trying to access port 25 alerts you to compromised machines.
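
Added example, not part of the thread or any poster's code: the firewall-log check described in the last two posts, listing internal hosts that tried to reach external mail servers on tcp/25 without being the sanctioned relay. The internal range, the relay address, the iptables-style log format and the sample lines are all assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Assumptions for this sketch: the internal range, the relay address and the
# iptables-style LOG format are illustrative, not taken from the thread.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
MAIL_RELAYS = {ipaddress.ip_address("10.0.0.25")}  # only host allowed outbound SMTP
FIELD_RE = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

# Constructed sample log; every address and hostname here is made up.
SAMPLE_LOG = """\
Mar 29 11:16:01 fw kernel: IN=eth1 OUT=eth0 SRC=10.1.4.17 DST=203.0.113.5 PROTO=TCP SPT=49152 DPT=25
Mar 29 11:16:02 fw kernel: IN=eth1 OUT=eth0 SRC=10.1.4.17 DST=198.51.100.9 PROTO=TCP SPT=49153 DPT=25
Mar 29 11:16:02 fw kernel: IN=eth1 OUT=eth0 SRC=10.1.4.17 DST=192.0.2.77 PROTO=TCP SPT=49154 DPT=25
Mar 29 11:16:05 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.25 DST=203.0.113.5 PROTO=TCP SPT=40110 DPT=25
Mar 29 11:16:09 fw kernel: IN=eth1 OUT=eth2 SRC=10.1.9.3 DST=10.0.0.25 PROTO=TCP SPT=51000 DPT=25
Mar 29 11:16:11 fw kernel: IN=eth1 OUT=eth0 SRC=10.1.7.40 DST=198.51.100.9 PROTO=TCP SPT=51514 DPT=443
Mar 29 11:17:30 fw kernel: IN=eth1 OUT=eth0 SRC=10.1.2.8 DST=192.0.2.77 PROTO=TCP SPT=50001 DPT=25
Mar 29 11:17:31 fw kernel: IN=eth1 OUT=eth0 SRC=10.1.2.8 DST=
"""

def parse_line(line):
    """Return (src, dst, proto, dport), or None if a field is missing or malformed."""
    fields = dict(FIELD_RE.findall(line))
    try:
        return (ipaddress.ip_address(fields["SRC"]), ipaddress.ip_address(fields["DST"]),
                fields["PROTO"].upper(), int(fields["DPT"]))
    except (KeyError, ValueError):
        return None  # truncated or unparseable line: skip rather than guess

def suspect_smtp_sources(log_text):
    """Map each internal non-relay host to the external hosts it tried on tcp/25."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        src, dst, proto, dport = parsed
        if proto != "TCP" or dport != 25:
            continue
        if src not in INTERNAL_NET or src in MAIL_RELAYS or dst in INTERNAL_NET:
            continue  # not an internal client, the sanctioned relay, or internal submission
        hits[str(src)].add(str(dst))
    return dict(hits)

def report(log_text):
    """(host, distinct external SMTP destinations) pairs, noisiest host first."""
    found = suspect_smtp_sources(log_text)
    return sorted(((h, len(d)) for h, d in found.items()), key=lambda p: (-p[1], p[0]))

if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

A workstation that contacts many distinct external mail servers in a short window is the pattern worth investigating first; a single hit may be a misconfigured mail client.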