Security Basics mailing list archives
Re: Security Basics Exercise - How do you know?
From: "Meenal Mukadam" <meenal.mukadam () gmail com>
Date: Sat, 13 Sep 2008 15:52:32 +0530
Hello Ryan,

I agree with Adi. Higher management expects smart work. The information that you are supposed to give has to be very precise, and the way you present it matters a lot. The checklist that you have suggested is really good, and I must appreciate the security details you have taken care of. But along with this one has to also take care of the human element. The patches and security devices may be in place, but security-unaware employees tend to disable the security features as they slow down their systems. Many tend to disable the anti-virus software just because doing so makes their PC work faster. So one has to monitor such 'weak links' along with the technology aspect of information security.

I will think of a few more and will revert back as soon as I can.

Regards,
Meenal A. Mukadam (CEH, MBA Information Systems & Security)
On Thu, Sep 11, 2008 at 11:44 PM, Ryan Greenier <rgreenier () gmail com> wrote:
> Here's the what-if scenario: Your CTO calls your various IT groups together and poses the following question: "Do we know, as of right now, whether or not one of our public-facing systems has been compromised?"
>
> The fact is, there is no way to answer this question with 100% certainty (at least I don't believe so). However, we should be able to answer this way:
>
> "We have as high a confidence level as we can that no system has been breached because when we look at the various systems, we:
> - do not see any unauthorized user IDs (or, no unauthorized IDs have been created within the last x hours/days/weeks)
> - do not see any unexpected services running
> - show the systems are fully patched
> - show the systems are 100% compliant with our standard build
> - show that there are no known vulnerabilities presently unaddressed
> - have not seen any unauthorized root user activity
> - do not see any unusual activity in our host-based IPS
> - have not received any alerts from the network-based IPS
> - see that disk space usage has not changed significantly
> - do not see any unusual traffic on the firewall (such as denies, numerous abnormal connection types, etc.)
> - checked the system with AV and anti-spyware and it came back clean
> ....."
>
> From a high level, what else would you have in place to prove that your public systems are/were not breached?
>
> - Ryan
--
Meenal A. Mukadam
-------------------------------------------------------------
Far away there in the sunshine are my highest aspirations. I may/may not reach them, but I can look up and see their beauty, believe in them and try to follow where they lead
-------------------------------------------------------------
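Several items on Ryan's checklist (new user IDs, unexpected services, disk usage drift, unusual firewall denies) reduce to comparing a known-good baseline against the current state of the host. The script below is an added example and not code from the thread; the HostSnapshot structure, the thresholds and the /etc/passwd excerpts are constructed for illustration.

```python
"""Baseline-versus-current comparison for a few items on the 'has this host been
breached?' checklist. All sample data below is constructed, not from a real host."""
from dataclasses import dataclass


@dataclass
class HostSnapshot:
    users: set            # account names present on the host
    services: set         # daemons or listening services observed
    disk_used_pct: float  # filesystem usage at snapshot time
    firewall_denies: int  # firewall denies logged in the review window


def users_from_passwd(passwd_text):
    """Extract account names from /etc/passwd-style lines (name is the first field)."""
    return {line.split(":", 1)[0] for line in passwd_text.splitlines() if line.strip()}


def compare_snapshots(baseline, current, disk_drift_pct=10.0, deny_ratio=3.0):
    """Return (check, detail) findings; an empty list means every check passed.
    The thresholds are assumed values, not ones the thread prescribes."""
    findings = []
    new_users = current.users - baseline.users
    if new_users:
        findings.append(("unauthorized user IDs created", sorted(new_users)))
    new_services = current.services - baseline.services
    if new_services:
        findings.append(("unexpected services running", sorted(new_services)))
    drift = current.disk_used_pct - baseline.disk_used_pct
    if abs(drift) > disk_drift_pct:
        findings.append(("disk usage changed significantly", f"{drift:+.1f}%"))
    if current.firewall_denies > deny_ratio * baseline.firewall_denies:
        findings.append(("unusual firewall denies", current.firewall_denies))
    return findings


# Constructed /etc/passwd excerpts: the known-good build and the same host a week later.
PASSWD_BASE = "root:x:0:0::/root:/bin/bash\nwww-data:x:33:33::/var/www:/usr/sbin/nologin\n"
PASSWD_NOW = PASSWD_BASE + "svc_tmp:x:1001:1001::/tmp:/bin/bash\n"

BASELINE = HostSnapshot(users_from_passwd(PASSWD_BASE), {"sshd", "nginx", "cron"}, 41.0, 120)
CURRENT = HostSnapshot(users_from_passwd(PASSWD_NOW), {"sshd", "nginx", "cron", "ftpd"}, 63.5, 900)

if __name__ == "__main__":
    for check, detail in compare_snapshots(BASELINE, CURRENT):
        print(f"FAIL: {check}: {detail}")
```

Checks that need external evidence (patch level, vulnerability scans, IPS alerts, AV results) would feed the same report from their own collectors rather than from a host snapshot.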