Being from frontline IT support, I often receive calls from my friends, acquaintances, friends of friends, etc. asking for technical advice; the recent one was from a small business owner (a friend of a friend). They wanted to get their business ISO27001 certified and hired a consultant. The consultant did a preliminary assessment of their IT, including technical areas, and provided a report of gaps.
The owner checked around and called me; they were basically looking at a managed network where there were policies, procedures, management/monitoring, and controls like internet browsing restrictions, firewall/IDS, system/network logs, etc. While the policy and procedures part was handled by the consultant, he wanted advice on technical stuff.
And they wanted all these at the lowest possible cost.
About the infrastructure: a switched network, broadband ISP, 2 servers, 45 desktops, 6 notebooks. All OSes were Windows, the router was a basic ISP-provided one, centrally managed antivirus was running on all boxes, MS patches were applied using WSUS, and other software was patched manually on a monthly basis; in total it was an averagely managed environment.
I said I would revert in a day and gave this list: Firewall = Cisco ASA 5505 Base with Security Plus bundle, Proxy = Squid, IDS = Snort with Aanval free license, S/NMS = Nagios, Syslog = Kiwi (now SolarWinds), Log analysis = Splunk (free version).
All the above are planned to be configured on a Dell PowerEdge server running VMware ESXi. The real challenge is in the solution integration, so I also gave them a few references (mentioning them here would be promotion) for implementation and management of these.
I shall of course follow up and update if anything interesting comes up.