Security Basics mailing list archives
Re: Security Checklist
From: Joseph McCray <joe () learnsecurityonline com>
Date: Mon, 04 May 2009 16:21:14 -0400
I would definitely say to think about setting up something like Splunk - you can take a look at http://en.wikipedia.org/wiki/Splunk for the generic details.

Key things that admins should keep their eye on at least weekly:

1. Patch management (WSUS, PatchLink, Altiris, etc. - especially for 3rd party patch management)
2. Managed Anti-Virus (Symantec, EPO, etc.)
3. Network Health Monitoring system (What's Up Gold, Big Brother, etc.)
4. If 1-3 are in good shape - then your IDS/IPS solution.
5. Lastly, if all of the things above are in good shape - your centralized log collection facility (Splunk, or similar product)

I think it's really important that companies get 1-3 really under control before they get knee deep in 4 and 5. You'll just be chasing your tail trying to fix things that the first 3 should be taking care of.

Joe

On Mon, 2009-05-04 at 19:01 +0200, James Attard wrote:
Dear list,

I need some help to build up a security checklist for my company running mainly Windows operating systems, Apache webservers, and Check Point firewall. What I have in mind is that every day I dedicate not more than 1 hour and I look at this checklist and see whether the health status from a security point of view of the whole IT infrastructure is OK.

What should I be looking at? What logs do I need to generate if they don't exist, and what information patterns should I look at in the Apache logs/Windows logviewers? Do I need some software to help me aggregate and process all this information?

Regards,
J

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Learn all of the latest penetration testing techniques in InfoSec Institute's Ethical Hacking class. Totally hands-on course with evening Capture The Flag (CTF) exercises, Certified Ethical Hacker and Certified Penetration Tester exams, taught by an expert with years of real pen testing experience.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------
--
Joe McCray
Toll Free: 1-866-892-2132
Email: joe () learnsecurityonline com
LinkedIn: http://www.linkedin.com/in/joemccray
Twitter: http://twitter.com/j0emccray
Website: http://www.learnsecurityonline.com
Video of my Advanced SQL Injection Presentation: http://vimeo.com/3418947

"The only thing worse than training good employees and losing them is NOT training your employees and keeping them." - Zig Ziglar