Security Basics mailing list archives
Security Basics Exercise - How do you know?
From: "Ryan Greenier" <rgreenier () gmail com>
Date: Thu, 11 Sep 2008 14:14:49 -0400
Here's the what-if scenario: Your CTO calls your various IT groups together and poses the following question: "Do we know, as of right now, whether or not one of our public-facing systems has been compromised?" The fact is, and there is no way to answer this question with 100% certainty (at least I don't believe so). However, we should be able to answer this way: "We have as high a confidence-level as we can that no system has been breached because when we look at the various systems, we: - do not see any unauthorized user IDs (or, no unauthorized ID's have been created within the last x hours/days/weeks) - do not see any unexpected services running - show the systems are fully patched - show the systems are 100% compliant with our standard build - show that there are no known vulnerabilities presently unaddressed - have not seen any unauthorized root user activity - do not see any unusual activity in our host-based IPS - have not received any alerts from the network-based IPS - see that disk space usage has not changed significantly - so not see any unusual traffic on the firewall (such as denies, numerous abnormal connection-types, etc) - checked the system with AV and anti-spyware and it came back clean ....."
From a high-level, what else would you have in place to prove that
your public systems are/were not breached? - Ryan
Current thread:
- Security Basics Exercise - How do you know? Ryan Greenier (Sep 11)
- RE: Security Basics Exercise - How do you know? David Gillett (Sep 12)
- Re: Security Basics Exercise - How do you know? ॐ aditya mukadam ॐ (Sep 12)
- Re: Security Basics Exercise - How do you know? Meenal Mukadam (Sep 16)
- MobileMe Krzyston, Randy (Sep 18)
- Re: MobileMe Phil Holbrook (Sep 19)
- Re: MobileMe Xelman (Sep 19)
- Re: MobileMe Tremaine Lea (Sep 22)
- Re: MobileMe Kurt Buff (Sep 23)
- Re: MobileMe Tremaine Lea (Sep 23)
- Re: Security Basics Exercise - How do you know? Meenal Mukadam (Sep 16)
- <Possible follow-ups>
- Re: Security Basics Exercise - How do you know? krymson (Sep 14)