Security Basics mailing list archives

Re: Security Checklist


From: Richard Thomas <austindad () gmail com>
Date: Tue, 5 May 2009 10:23:42 -0500

J,

Heck of a question.  There is no way you are going to get a
comprehensive answer, at least not for free.  By way of guidance, you
should look at the NIST special publication documents (the 800 series)
at csrc.nist.gov.  For specific technical guidance, you can look for
the STIGs (security technology implementation guides) produced by DISA
(US government agency) at iase.disa.mil/stigs/stig/.  From a
technology perspective, there are a number of platforms that you can
either buy, or lease as a service, such as IDS/IPS, and log
aggregation and analysis.  Good luck.

Richard Thomas

On Mon, May 4, 2009 at 2:32 PM, James Attard <info () jamesattard com> wrote:
Dear list,

I need some help to build up a security checklist for my company
running mainly Windows operating systems, Apache webservers, and
Check Point firewall. What I have in mind is that every day I dedicate
not more than 1 hour and I look at this checklist and see whether the
health status from a security point of view of the whole IT
infrastructure is OK. What should I be looking at? What logs do I need
to generate if they don't exist, and what information patterns should
I look at in the Apache logs/Windows logviewers? Do I need some
software to help me aggregate and process all this information?

Regards,
J

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Learn all of the latest penetration testing techniques in InfoSec Institute's Ethical Hacking class.
Totally hands-on course with evening Capture The Flag (CTF) exercises, Certified Ethical Hacker and Certified 
Penetration Tester exams, taught by an expert with years of real pen testing experience.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------


