Comments on: Who should we hire to secure our network in NoVA?

Question: Who should we hire to secure our network in NoVA?

sa3z — Wed, 27 Dec 2006 12:29:45 -0800

Network Security: I'm looking for recommendations for an individual or company that can come check out our network and make sure it's secure. In Sterling, VA (NoVA/DC).

My dad's small business has had a secure non-wireless network setup in our warehouse for a few years. Recently, we've noticed some weird activity in our firewall and anti-virus logs. To our untrained eyes, it looks like a competitor is trying to load Trojans onto our computers. The firewall seems to be blocking them. This is good. But we want to be extra-cautious. I hate Geek Squad, the guy who originally set up the network moved away, craigslist has proven quite useless and my Google-fu seems to be failing me. Besides, recommendations would be better, I think. Can you vouch for anyone's expertise and trustworthiness?

By: SirStan

SirStan — Wed, 27 Dec 2006 13:03:45 -0800

While I can't help you out (unless you wana pay travel costs, and hotel costs), I will take a look at any logs you have, and explain them to you. (email plz -- its in my profile)

A true good penetration test will run you a couple grand.

By: WetherMan

WetherMan — Wed, 27 Dec 2006 13:23:51 -0800

Sign up to the Security Focus Pen-Test mailing list. There are many security professionals who specialize in this sort of work who read this list and will most likely be able to recommend someone appropriate for your needs. Re-post this question there, with perhaps a bit more detail, including a brief rundown on your IT infrastructure, (Systems, Applications, etc). Also include, in general what you want done. If you'd like it to be on-site, make sure you include your location. If you want something more than some basic packet analysis and an answer to the question "is a human attacker actively attempting to penetrate my network" be prepared to pay a bit of money.

If you want dirt simple/cheap, setup Wireshark (Ethereal) on your border gateway and start scanning, as SirStan recommends. The logs will probably contain confidential information, so don't post them publicly. Maybe a kind soul will take a look at them for you.

By: cmonkey

cmonkey — Wed, 27 Dec 2006 14:25:23 -0800

If you want a serious firm, give Neohapsis a call.

You didn't really consider asking the Geek Squad to take a look at your network security, did you?

By: scalefree

scalefree — Wed, 27 Dec 2006 15:05:56 -0800

Neohapsis has very good people, I've worked with them a time or two some years ago (I'd offer myself but it's a little far for me plus I'm not strictly in the field anymore, not 100% in practice these days). If they think they're not right for the job they'd certainly be willing to point you in the direction of an independant consultant who is.

By: BigVACub

BigVACub — Wed, 27 Dec 2006 17:12:33 -0800

TruSecure/Cybertrust is operated out of Herndon VA. Not sure how expensive they are. www.trusecure.com. I work in the same building as them, and they have some heavy-duty geeks working there.

By: paulsc

paulsc — Wed, 27 Dec 2006 21:10:24 -0800

ISS is one of the 400 lb. gorrillas in network security. They have a good spread of products, plenty of people (including "white hats" on staff, and go to some lengths to remain on speaking terms with "grey hats," and "black hats"), and the flexibility/resources to tackle most any network security issue. But as a small business, your problem in dealing with a company such as ISS may be less in running their intrusion detection products, and implementing their recommendations, than in affording their products and services, and navigating their organization. Still, if you have specific concerns, and at least as definable a focus as you've laid out in your question, a phone conversation with them may result in a practical short term plan, at minimal cost, and a connection for far heavier duty services, if it turns out you need them. If the situation points to criminal issues, I think you'll find that the reaction of law enforcement people to learning you've engaged ISS is quite positive.

If you've got a problem, ISS can put the resources on the case to find out, and fix it. Their professional services group is as good as any in the business, and if you want a Tiger Team effort run, ISS is one of the few firms on the planet that can do this to credible standards. They can scan your firewall, assess your network, go through your garbage, and trick your employees. The report you get from their Penetration Testing group is likely to be humbling (if you think you have good security and loyal employees), but illuminating.

If your business is at risk, contact ISS.

I am not a shareholder, employee, customer, or otherwise beneficial stakeholder of ISS, nor have I been in the past, nor am I likely to be in the future. But I have seen them work.

By: sa3z

sa3z — Thu, 28 Dec 2006 07:06:27 -0800

Thanks for all the great advice. As some of you mentioned, a lot of the really good options might be out of the practical budget for a small business, but this is definitely not a situation that we want to mess around with. I'll explain the options to my dad and see what we can figure out. I really appreciate all the help. Please feel free to keep commenting if you have more suggestions.

Geek Squad was my dad's suggestion. I told him it was out of the question. Thanks for backing up what was really just a gut feeling.

By: phearlez

phearlez — Thu, 28 Dec 2006 08:04:15 -0800

You can drop me an email if you like; I'm just down the street and I can put you in touch with a few people who would be willing to take a small side job like this. You'll have to talk with them about exactly what your goals are here, however. Do you want to make sure no baddies got in? Identify the source of the icky? Analyze the logs for more certainty of what happened?

If the idea was rolling around in your head, let me tell you this from my personal experience in the field: the chances you're going to get law enforcement to pay the slightest bit of attention to an attempted unsuccessful penetration are effectively nil.

By: scalefree

scalefree — Thu, 28 Dec 2006 13:03:50 -0800

I have issues with ISS in general but in any event their offerings just aren't scaled for your class of business. An option that just occurred to me is to get in touch with the local security practitioner's user group NoVASEC. It's kind of like 2600 meetings for adults. They'll definitely be able to hook you up with someone of high quality & reputation within your price range.