RE: Getting to know the pulse of security breaches, within our enterprise!

["Paul Jenkins" <pjenkins () dsci com>]

Interesting, when I first read this I was thinking questionnaire. I'm
junior in this field however, I would say A LOT of internal security
breeches are the result of ignorance not malice. So going of my first
thought if you want to take a look at the human aspect of your network
internals why not a management approved and mandated questionnaire. Use
a little psychology on the wording of the questions, and some
hypotheticals just to see what people are really doing on the network
and possibly educate the users at the same time. Now if you want true
and honest answers some form of guaranteed non-retribution will need to
be used. If you do it anonymously you can never tell who has or has not
completed it. If you pull groups into a room and use paper "quizzes"
then just us a count to verify all took one that may work.

-Paul

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Hrishikesh Khasgiwale
Sent: Friday, September 25, 2009 2:31 AM
To: security-basics () securityfocus com
Subject: Getting to know the pulse of security breaches, within our
enterprise!

Hi guys..

I was thinking of designing an infrastructure template, that would
allow me to replicate that model across my organisation which would
enable the fellow team members to proactively monitor the 'red flags'
that might arise within our LAN from time to time. By red flags I
mean, something that would mean there is an imminent 'threat' to the
overall security posture within my enterprise and I am not talking
from perimeter Firewall / IPS perspective but I want to look more
inwards.

Things that come to mind are:

1. Someone who tries to log into an AD account from a workstation that
he/she doesn't usually log into, should be displayed on a dashboard.

2. Account lockouts happening from a given workstation abnormally
(abnormal values can be defined)..

3. Abnormal ports being accessed from workstation (like attempts to
make connection to someone else's C$, d$ share or someone else making
connection to his/her C $ / D $ shares). This might even signify a
malware on this PC that has gone undetected by the local antivirus.

...or any other stuff that might bring about a threat to the overall
security of my environment.

Has anyone been there n done that?

I understand that it's part technology and part design but I am
currently concerned about the design aspect and whether I have my
requirements correctly sorted out.

Any / all suggestions welcome!!

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an
SSL certificate.  We look at how SSL works, how it benefits your company
and how your customers can tell if a site is secure. You will find out
how to test, purchase, install and use a thawte Digital Certificate on
your Apache web server. Throughout, best practices for set-up are
highlighted to help you ensure efficient ongoing management of your
encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------