Security Basics mailing list archives
Security indicators.
From: Toyama no Benbei <toyamanobenbei2003 () yahoo com>
Date: Tue, 21 Oct 2003 17:13:47 -0700 (PDT)
Hello everybody.

I was given the task of elaborating weekly reports concerning the overall infrastructure "level of security". As ambiguous as this may sound, the fact is that management people like reports with graphics and numbers.

First of all, what I understand as an "indicator" is a quantitative entity by means of which I can monitor the status of some process. With the help of an indicator, I can make a decision, focus the work in problematic areas, etc.

I can install whatever open source tool I need to in order to get the needed info. I was thinking something like:

a) Nessus reports.
==================
Would indicate the most important device vulnerabilities. Also, as reports get generated, they would show how we are doing concerning patching of vulnerabilities. (How long before we finally get that sendmail server updated, for instance.)

b) Portsentry reports.
=======================
How many scans are we getting? (per server, for example) This number would surely make some impact with the bosses. I think it's rather difficult to "modify" the number of net scans, but it should be a significant number to have in mind.

c) Password cracker reports.
=============================
To catch joes in the users' passwords. We can work on making users try better passwords, so this number gets lower with time.

d) Log analyzer.
=================
This is a huge one, but I'm not very clear what kind of valuable _quantitative_ info we can get. The "sar" reports, for instance, are more performance oriented, I think. On the other hand, availability is one of the basic security services. But it's also true that the security officer alone could do barely anything towards making devices more "responsive". How many times a user fails before typing his/her password right doesn't help much ... Maybe how many people got root access to a certain server/router (oops, it was supposed to be only one).

I'd really like to hear what you think about this.

Thank you all.

ps. I'm not against proprietary tools or anything, it's a budget thing ;)

pss. I feel this is somehow not the right path to follow ... I think we should get decent security policies, and then audit them. The indicators would then be generated from the process of auditing, naturally. But then again, I have management people on my back :\.
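Added example, not part of the original post: one way to turn the successive scan reports from item a) into two weekly numbers, the count of open findings per severity and the days each finding took to disappear. It does not parse any scanner's report format; it assumes findings were already extracted into (host, finding) pairs, and all hosts, finding names and dates below are constructed.

```python
from collections import Counter
from datetime import date

# Constructed sample data: one entry per weekly scan, mapping
# (host, finding) -> severity. Hosts and finding names are made up.
SCANS = [
    (date(2003, 10, 6), {("mail01", "sendmail-outdated"): "high",
                         ("web01", "ssl-weak-cipher"): "medium",
                         ("web01", "apache-outdated"): "high"}),
    (date(2003, 10, 13), {("mail01", "sendmail-outdated"): "high",
                          ("web01", "ssl-weak-cipher"): "medium"}),
    (date(2003, 10, 20), {("web01", "ssl-weak-cipher"): "medium",
                          ("db01", "default-account"): "high"}),
]


def weekly_open_counts(scans):
    """Open findings per severity for each scan date (the trend line)."""
    return [(day, dict(Counter(findings.values()))) for day, findings in scans]


def remediation_report(scans):
    """Days from first sighting to the first scan where a finding is gone.

    Returns (fixed, still_open): fixed maps finding -> days to remediate,
    still_open maps finding -> age in days as of the last scan.
    Resolution is one scan interval: a fix is only seen at the next scan.
    """
    first_seen, fixed = {}, {}
    for day, findings in scans:
        for key in findings:
            if key not in first_seen:
                first_seen[key] = day
        for key, seen in list(first_seen.items()):
            if key not in findings:
                fixed[key] = (day - seen).days
                del first_seen[key]  # a later reappearance counts as new
    last_day = scans[-1][0]
    still_open = {k: (last_day - d).days for k, d in first_seen.items()}
    return fixed, still_open


if __name__ == "__main__":
    for day, counts in weekly_open_counts(SCANS):
        print(day, counts)
    fixed, still_open = remediation_report(SCANS)
    print("fixed (days):", fixed)
    print("still open (age in days):", still_open)
```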
Current thread:
- Security indicators. Toyama no Benbei (Oct 22)