Security Basics mailing list archives
RE: Security Basics Exercise - How do you know?
From: "David Gillett" <gillettdavid () fhda edu>
Date: Thu, 11 Sep 2008 18:50:09 -0700
Have you used Tripwire or the equivalent to verify that the current image matches the deployed image?

David Gillett
-----Original Message-----
From: Ryan Greenier [mailto:rgreenier () gmail com]
Sent: Thursday, September 11, 2008 11:15 AM
To: security-basics () securityfocus com
Subject: Security Basics Exercise - How do you know?

Here's the what-if scenario: Your CTO calls your various IT groups together and poses the following question: "Do we know, as of right now, whether or not one of our public-facing systems has been compromised?"

The fact is, there is no way to answer this question with 100% certainty (at least I don't believe so). However, we should be able to answer this way: "We have as high a confidence level as we can that no system has been breached because when we look at the various systems, we:

- do not see any unauthorized user IDs (or, no unauthorized IDs have been created within the last x hours/days/weeks)
- do not see any unexpected services running
- show the systems are fully patched
- show the systems are 100% compliant with our standard build
- show that there are no known vulnerabilities presently unaddressed
- have not seen any unauthorized root user activity
- do not see any unusual activity in our host-based IPS
- have not received any alerts from the network-based IPS
- see that disk space usage has not changed significantly
- do not see any unusual traffic on the firewall (such as denies, numerous abnormal connection types, etc.)
- checked the system with AV and anti-spyware and it came back clean
....."

From a high level, what else would you have in place to prove that your public systems are/were not breached?

- Ryan
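The Tripwire-style check David raises, baseline the deployed image and then compare the live system against it, as an added illustration that is not code from either poster. It assumes a POSIX filesystem and uses a constructed temporary tree standing in for the deployed image.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path


def file_fingerprint(path: Path) -> dict:
    """Content hash plus metadata for one file; this is what a Tripwire-style baseline stores per file."""
    st = path.lstat()
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return {"sha256": h.hexdigest(), "size": st.st_size, "mode": stat.S_IMODE(st.st_mode)}


def build_baseline(root: Path) -> dict:
    """Snapshot of a known-good tree: relative path -> fingerprint (symlinks skipped)."""
    return {
        str(p.relative_to(root)): file_fingerprint(p)
        for p in sorted(root.rglob("*"))
        if p.is_file() and not p.is_symlink()
    }


def verify(root: Path, baseline: dict) -> dict:
    """Compare the live tree with the baseline; every entry returned is a deviation to investigate."""
    current = build_baseline(root)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
    }


def demo() -> dict:
    """Constructed sample: baseline a tiny 'deployed image', then introduce three deviations."""
    root = Path(tempfile.mkdtemp())
    (root / "etc").mkdir()
    (root / "bin").mkdir()
    (root / "etc" / "app.conf").write_text("listen=443\n")
    os.chmod(root / "etc" / "app.conf", 0o644)  # pin the mode so the baseline is deterministic
    (root / "bin" / "app").write_bytes(b"\x7fELF-placeholder")  # constructed stand-in for a binary
    baseline = build_baseline(root)
    (root / "bin" / "app").write_bytes(b"\x7fELF-placeholder-changed")  # content changed
    os.chmod(root / "etc" / "app.conf", 0o600)  # permissions changed, content unchanged
    (root / "etc" / "extra.conf").write_text("unexpected=1\n")  # file not in the baseline
    return verify(root, baseline)
```

In practice the baseline and the verifier must be kept off the monitored host (read-only media or a separate system), since a baseline that an intruder can rewrite proves nothing.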