So there I was, in the concourse at the Georgia World Congress Center outside the Interop exhibit space, just trying to rest my feet and grab a quick smoke when I hear someone roar out: "Dave -- is that you?" I look up and there's a familiar face, but something doesn't look right. Soon enough, though, I learn its my old friend Umesh Verma, from Blue Lance Software -- only he's lost about 23kg since I last saw him. "Have you been ill?" I asked. "No, Dave, it's worry over this new Y2K problem that's done this to me," he replied.
Just before my eyes completely glazed over, Umesh drew me back in by insisting that it's not the second between December 31 and January 1 that's the problem. Rather, it's the crooks, thieves and malicious crackers who'll plunder and destroy your assets around the turn of the year and then blame it all on the Y2K bug!
He reminded me that most financial losses due to network security problems are caused by internal intruders -- and that right now this includes some fly-by-night Y2K "consultants".
Fortunately, Umesh also had an answer for this problem: good auditing tools. And, of course, he thinks his auditing tool, LT Auditor, is the best. Well, I've used and recommended LT Auditor for NetWare for more than 10 years, so I didn't need convincing. He also recommends some good business practices that don't require you to spend money on a product:
Check credentials on all programmers -- contract or otherwise -- working on your network.
Have programmers sign a letter of agreement outlining liabilities for breaches.
Keep detailed records of who did what, when and where.
Implement effective intrusion detection.
After "repairs" by contractors, test for trap doors, unfamiliar code or software installed that's not specifically part of the repair.
If there are trap doors, get signed agreements on their uses.
Review security reports daily.
Establish multiple levels of security checks and balances.
You can get more sound advice, a Y2K risk assessment guide and an evaluation copy of LT Auditor at http://www.bluelance.com.
Kearns, a former network administrator, is a freelance writer and consultant in Austin, Texas. He can be reached at firstname.lastname@example.org