neo | 1 Feb 2007 09:29

Common Criteria and FIPS 140-2 Certification

Hello Group,

Is anybody on this mailing list working in the Common Criteria or certification arena for any software or
security product vendor?

I see that there are a lot of consulting companies that are helping the vendors, but I am curious to see how many
companies out there have internal Certification Engineering departments focusing on obtaining these
certifications which are key to open doors for the federal markets.

Any input is appreciated.

-NEO

Mohamad Mneimneh | 1 Feb 2007 10:50

Employee Termination Procedure (DarRef: Not Referenced)

Hello List,

I need to implement a termination procedure for my employees. This
applies to terminated / resigned employees. I'm especially concerned
with IT personnel, mostly system admins & security officers, as they
have access to all VPN accounts, domain accounts, service accounts...

What are my options, related to the administrative & technical controls?
What are the mandatory steps that will ensure a minimum level of
protection?

I appreciate your input,

-Mohamad.

Matt Miller | 1 Feb 2007 14:40

zero-hour e-mail antivirus solutions

Hello folks.

I'm in the process of choosing an e-mail anti-virus gateway which has 
some kind of outbreak detection features that can protect me during 
zero-hour, before the signatures are released. Currently, it seems that 
IronPort and CommTouch are the main players in this area. I was 
wondering, what are your experiences with these zero-hour AV systems. As 
I understand, CommTouch is more of a statistical analyzer, while 
IronPort has a 24x7 team of analysts constantly monitoring the 
SenderBase network.

Anyone using one of these systems? Any comments?

Thanks in advance.
Matt

Sukert, Alan | 1 Feb 2007 16:01

RE: Common Criteria and FIPS 140-2 Certification

I work for Xerox and the group I'm in is responsible for Common Criteria
Certifications of Xerox office products. 

Regards,
Al Sukert
Product Security Specialist - XOG Product Security Office
XOG Export Control Coordinator
Xerox Certified Green Belt
Device Administration Program Manager
8*227-1413 or 585-427-1413
FAX: 585-427-6599
Alan.Sukert <at> xerox.com  

This e-mail message, including any attachments, is for the sole use of
the intended recipient(s) and may contain confidential information.  Any
unauthorized review, use, disclosure or distribution is prohibited.  If
you are not the intended recipient(s) please contact the sender by reply
e-mail and destroy all copies of the original message. Finally, the
recipient should check that this email is authentic and examine it for
the presence of viruses. Xerox does perform virus checks but cannot
accept liability for any damage caused by any virus transmitted by this
email. Thank you.

-----Original Message-----
From: listbounce <at> securityfocus.com [mailto:listbounce <at> securityfocus.com]
On Behalf Of neo <at> neo.com
Sent: Thursday, February 01, 2007 3:30 AM
To: security-basics <at> securityfocus.com
Subject: Common Criteria and FIPS 140-2 Certification


Francois Yang | 1 Feb 2007 17:30

Re: zero-hour e-mail antivirus solutions

I'm actually looking at something similar, and I'm currently
evaluating proofpoint.
They seem pretty good.  http://www.proofpoint.com/products/msg.php
I've talked to a couple of their customers and they seem pretty happy.
Anyone have any experience with Proofpoint that can comment on them?

On 2/1/07, Matt Miller <madmillerx <at> gmail.com> wrote:
> Hello folks.
>
> I'm in the process of choosing an e-mail anti-virus gateway which has
> some kind of outbreak detection features that can protect me during
> zero-hour, before the signatures are released. Currently, it seems that
> IronPort and CommTouch are the main players in this area. I was
> wondering, what are your experiences with these zero-hour AV systems. As
> I understand, CommTouch is more of a statistical analyzer, while
> IronPort has a 24x7 team of analysts constantly monitoring the
> SenderBase network.
>
> Anyone using one of these systems? Any comments?
>
> Thanks in advance.
> Matt
>
>
>

Francois Yang | 1 Feb 2007 17:34

Re: Employee Termination Procedure (DarRef: Not Referenced)

I would recommend you talk to HR and IT and see how they currently do it.
Then based on the information you gather, you can review the steps and
start building the procedure.  I would also recommend that you check
with HR and IT as you build the procedure to make sure it's OK with
everyone.  Some steps may involve other parties indirectly so it is
very important that you know all the parties that will be involved at
each step.
Hope that helps.

On 2/1/07, Mohamad Mneimneh <Mohamad.Mneimneh <at> dargroup.com> wrote:
> Hello List,
>
> I need to implement a termination procedure for my employees. This
> applies to terminated / resigned employees. I'm especially concerned
> with IT personnel, mostly system admins & security officers, as they
> have access to all VPN accounts, domain accounts, service accounts...
>
> What are my options, related to the administrative & technical controls?
> What are the mandatory steps that will ensure a minimum level of
> protection?
>
> I appreciate your input,
>
> -Mohamad.
>

Sandip Wadje-Infosec | 1 Feb 2007 17:38

Re: Employee Termination Procedure (DarRef: Not Referenced)

#Disable domain, ERP and other server accounts (it's a good practice if
you maintain an MIS of who has what access)
#Obtain ID card
#Remove RFID & biometric access (if any)
#Obtain corporate credit card
#Inform payroll immediately
#Notify team members
#Obtain all passwords in custody of the employee
#Arrange for return of assets such as laptops, VPN token, mobile
phones, manuals, sensitive documents etc.
#Instruct the employee to remove his personal information / belongings
#If employee is in senior position, update business continuity plan

Hope this helps.

Regards,
Sandip

Anthony J Placilla | 1 Feb 2007 18:49

Re: zero-hour e-mail antivirus solutions


Francois Yang wrote:
> I'm actually looking at something similar, and I'm currently
> evaluating proofpoint.
> They seem pretty good.  http://www.proofpoint.com/products/msg.php
> I've talked to a couple of their customers and they seem pretty happy.
> Anyone have any experience with Proofpoint that can comment on them?
> 
> 
> On 2/1/07, Matt Miller <madmillerx <at> gmail.com> wrote:
>> Hello folks.
>>
>> I'm in the process of choosing an e-mail anti-virus gateway which has
>> some kind of outbreak detection features that can protect me during
>> zero-hour, before the signatures are released. Currently, it seems that
>> IronPort and CommTouch are the main players in this area. I was
>> wondering, what are your experiences with these zero-hour AV systems. As
>> I understand, CommTouch is more of a statistical analyzer, while
>> IronPort has a 24x7 team of analysts constantly monitoring the
>> SenderBase network.
>>
>> Anyone using one of these systems? Any comments?
>>
>> Thanks in advance.
>> Matt
>>
>>
>>

We use ProofPoint  & like it. Enterprise of about 15k users

security | 1 Feb 2007 19:18

Mail scanner

Hi

My company currently scans emails for attachments but we are considering a change of supplier.  One of the
problems we are having is with allowing users to release their own emails.  I've spent a few hours trying to
configure it but to no avail and support is only for the configuration, not "how do I do..."

Does anybody have any recommendations?

Thanks

Jono

Nathaniel Hall | 1 Feb 2007 20:31

Re: Mail scanner

security <at> calowaycrew.com wrote:
> Hi
>
> My company currently scans emails for attachments but we are considering a change of supplier.  One of the
> problems we are having is with allowing users to release their own emails.  I've spent a few hours trying to
> configure it but to no avail and support is only for the configuration, not "how do I do..."
>
> Does anybody have any recommendations?

I recommend using a Barracuda Networks Spam Firewall.  We have had great
luck with them and they seem to do about 99.9% of the things we want
them to do.  They have also cut down on the number of e-mails we received
to about 25% of what we had been receiving.

--
Nathaniel Hall, GSEC GCFW GCIA GCIH GCFA

