Security Basics mailing list archives
Re: Security Checklist
From: Richard Thomas <austindad () gmail com>
Date: Tue, 5 May 2009 10:23:42 -0500
J,

Heck of a question. There is no way you are going to get a comprehensive answer, at least not for free.

By way of guidance, you should look at the NIST special publication documents (the 800 series) at csrc.nist.gov. For specific technical guidance, you can look for the STIGs (security technology implementation guides) produced by DISA (US government agency) at iase.disa.mil/stigs/stig/.

From a technology perspective, there are a number of platforms that you can either buy, or lease as a service, such as IDS/IPS, and log aggregation and analysis.

Good luck.

Richard Thomas

On Mon, May 4, 2009 at 2:32 PM, James Attard <info () jamesattard com> wrote:
Dear list,

I need some help to build up a security checklist for my company running mainly Windows operating systems, Apache webservers, and Check Point firewall. What I have in mind is that every day I dedicate not more than 1 hour and I look at this checklist and see whether the health status from a security point of view of the whole IT infrastructure is OK.

What should I be looking at? What logs do I need to generate if they don't exist, and what information patterns should I look at in the Apache logs/Windows logviewers? Do I need some software to help me aggregate and process all this information?

Regards,
J

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute
Learn all of the latest penetration testing techniques in InfoSec Institute's Ethical Hacking class. Totally hands-on course with evening Capture The Flag (CTF) exercises, Certified Ethical Hacker and Certified Penetration Tester exams, taught by an expert with years of real pen testing experience.
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------
Current thread:
- Security Checklist James Attard (May 04)
- Re: Security Checklist Joseph McCray (May 05)
- Message not available
- Re: Security Checklist Sebastien MAHIEUX (May 05)
- Re: Security Checklist aditya mukadam (May 05)
- Re: Security Checklist exzactly (May 05)
- Re: Security Checklist Venkatesh Selvaraju (May 05)
- RE: Security Checklist Dave Kleiman (May 06)
- <Possible follow-ups>
- Security Checklist James Attard (May 05)
- Re: Security Checklist Ricardo Carrillo (May 05)
- Re: Security Checklist Richard Thomas (May 05)