Firewall Wizards mailing list archives
RE: Security Audit and Priorities
From: "Bob Wanamaker - Avant Systems, Inc." <rlw () avantsystems com>
Date: Mon, 14 Jul 2003 11:46:54 -0400
Greetings, Paul. Congrats on the new gig!

Learn your network. *I'd* not worry too much about IDS at this point. Harden servers; understand your firewall, routers, switches [I've seen folks attempt to do security via VLANs - things like that are not immediately obvious if you don't have access to the original network designer]; learn what your workstation configs are like; spend some quality time with a sniffer - during low-use and peak-use times; pore over every log file you can find; examine and test backup/recovery strategies and tools.

Diagram how each "application level" network conversation takes place, and what devices/processes are involved: e.g., a workstation sends an e-mail: it hits the private mail server queue, is removed by content filtering software, is scanned for virii, is dropped off in the queue, is tagged for delivery to remote, transferred to gateway smtp server, etc. Then start asking the questions about who has access to that e-mail at each point in your diagram. Remember that we're not only concerned with securing machines, but with securing data. Then ask if that conversation is appropriate on your network.

As you do more and more of this, you'll naturally be starting an audit: e.g., as you go through logs, you'll notice which are missing; you'll notice if they're archived; you'll notice if you have the tools to pull them apart; you'll notice if timestamps are coordinated - in short, you'll discover if logging is adequate to put together a picture of who is accessing what resources when and how.

Once you get a solid grasp of what constitutes normal traffic and normal ops, you can start really tightening things down, and then consider implementing an IDS to help you keep things tidy.
Hope that helps,
Bob

-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com [mailto:firewall-wizards-admin () honor icsalabs com] On Behalf Of Paul Ammann
Sent: Sunday, July 13, 2003 12:10 PM
To: firewall-wizards () honor icsalabs com
Subject: [fw-wiz] Security Audit and Priorities

Thanks to everyone for sharing your thoughts. I really do appreciate the help. I was at the bookstore last night and found 3 books that'll provide me immediate solutions in the short term, and help plan long term:

- Linux Security Cookbook
- Building Secure Servers with Linux
- Hardening Cisco Routers

All books are from O'Reilly. It's one thing to be a firewall admin and write and maintain security policies. I've never given much thought to Oracle, Linux and Cisco routers before. But it is a huge opportunity to learn. ;-) And I bought "Honeypots: Tracking Hackers" by Lance Spitzner.

While I'm thinking about it, I know the company doesn't have an IDS system in place. I was looking at Snort as a possibility. Has anyone had experience with Snort?

Paul

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards