In Security profession, you always go with your finding to the people who has technical capabilities so that they may understand, what you want to explain to them. But what in a situation if you need to deal with ordinary, non technical users? They don't understand your security jargon, they only care about their business. I have been dealing with these sort people from long back! And when they are sitting in remote location, it's very tough!
The best way is to send them mails explaining the issue, its impact and how to fix them. Sometimes, they will co-operate with you some times, you are disappointed.
For example, if you need to deal with users running any Insecure Services (suppose FTP) on their machines, the following ways seem working:
1. First send a communication to them about the issue, eg, what the service is all about, how it could be exploited if not closed or secured.
2. If they respond, well, tell them to stop FTP from Services.msc.
3. Sometimes, they are not sure why FTP is running on their machine. They stop IIS admin and all, but FTP still running. Tell them to run fport, a McAfee tool to find the EXE which is responsible for running the service. netstat -ab is another equivalent command. Sometimes Inetinfo.exe may not be responsible for running FTP on your machine as there are lots of other application, which may run their own FTP servers.
4. Now you are sure, which process (EXE) is running the service, you may instruct the user to go and locate that service into Services.msc and stop it.
What, I want to say is , it really takes to be patient at your side, if users are non-technical, remote and a little non-cooperative. But again, its very necessary to take them to right way as they may pose a security risk to your organization.
The best way is to send them mails explaining the issue, its impact and how to fix them. Sometimes, they will co-operate with you some times, you are disappointed.
For example, if you need to deal with users running any Insecure Services (suppose FTP) on their machines, the following ways seem working:
1. First send a communication to them about the issue, eg, what the service is all about, how it could be exploited if not closed or secured.
2. If they respond, well, tell them to stop FTP from Services.msc.
3. Sometimes, they are not sure why FTP is running on their machine. They stop IIS admin and all, but FTP still running. Tell them to run fport, a McAfee tool to find the EXE which is responsible for running the service. netstat -ab is another equivalent command. Sometimes Inetinfo.exe may not be responsible for running FTP on your machine as there are lots of other application, which may run their own FTP servers.
4. Now you are sure, which process (EXE) is running the service, you may instruct the user to go and locate that service into Services.msc and stop it.
What, I want to say is , it really takes to be patient at your side, if users are non-technical, remote and a little non-cooperative. But again, its very necessary to take them to right way as they may pose a security risk to your organization.
Comments