Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: InfoSec Handlers Diary Blog - SANS Internet Storm Center InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

The life of an IT Manager

Published: 2016-07-22
Last Updated: 2016-07-22 18:35:00 UTC
by Deborah Hale (Version: 1)
3 comment(s)

It is true, I am back after a 2 year hiatus from my duties as a Handler at the Internet Storm Center.  Some may be wondering why.  So here it is.

It all started with my new job. I was hired by a company 2 years ago to help move their IT Department forward.  The owner told me it would be a challenge but I accepted the challenge.  They have 6 remote locations plus the corporate office and I would be the 2nd employee in the IT department taking care of all of the locations. That is where the story begins and a challenge it was.  My first week on the job I learned that they did not have successful backup jobs running for the 22 Windows servers.  Several of the servers were standalone devices that ranged in age from 4 years to 14 years old. They were a mess and the group policies, DNS, DHCP and Active Directory were a disaster. No backups in place for their critical desktop computers and no anti-virus solution company wide. They had no firewalls, no IPS, no spam filter, Windows updates were hit and miss depending on whether the employee took the time to install them.  There were a number of issues with the MPLS between the branches and a hodge podge of phone systems.  They had no security in place, no Disaster Recovery Plans. Our mail server was blocklisted twice in the first 3 months of my employment so I had some work to do there as well.  They are self-insured so had HIPAA requirements to deal with which weren’t happening.  So as you can see it was definitely a challenge.

As of today we have made great progress.  We have replaced the old servers with new servers but instead of individual boxes we have migrated to virtual machines. We now have 6 physical boxes that are hosting all of the servers. All of the servers are being backed up to a recovery server that is on site as well as to a recovery server that is at one of our remote locations. All of our workstations are being backed up using a 3rd party off-site backup program. We have installed firewalls/IPS, a spam filter, cleaned up our AD (still a lot of work to do), installed Microsoft WSUS, a managed anti-virus/anti-malware solution, moved all phone systems at all locations to the same platform and have begun standardizing hardware and software throughout the organization. Our mailserver has not been blocklisted since I completed the changes to our mail records for compliance and our network lockdown was completed. We are rolling out perimeter security with a digital camera system inside and outside of the facilities at each location and we are in the process of reviewing going from copper to fiber for our MPLS network.

I have completed the initial HIPAA compliance requirements and have started working on the Disaster Recovery. I have monitoring and reporting setup for all aspects of the network infrastructure to attempt to ensure that our network remains safe and secure. Great progress has been made but we have a lot of work yet to do.  I am now the IT Manager and Security and Compliance Officer for the organization. We had a ransomware attempt a few months ago and thankfully it was unsuccessful because of the precautions and preventative measures that have been implemented.

I am sure that I am not the only IT person that has walked into this type of situation and I am sure I won’t be the last.  IT is so fluid and continuously changing and the threats to the environment have changed too.  One of my IT friends said it is like shooting fish in a barrel and I have to agree.

Deb Hale

Keywords: IT
3 comment(s)
Diary Archives