Security Basics mailing list archives
Re: SIM Solutions testing environment. Eg. Netforensics
From: Gleb Paharenko <gpaharenko () gmail com>
Date: Thu, 15 Oct 2009 23:38:16 +0300
Hi, all.

Aditya has a very good and systematic approach. My addition is: make sure that you have checked backup/archiving/restoring of logs and carefully planned storage/capacity/log retention policies. Also take Netforensics with the Oracle Enterprise license (the partitions feature is a must for SIMs). In case you're going to audit database events, it is also worth checking that, as usually for SIMs this is a pain due to performance penalties and other restrictions in databases.

2009/10/15 aditya mukadam <aditya.mukadam () gmail com>:
Hello,

As I understand, you would want to simulate the life cycle for SIM integration, configuration and day-to-day tasks. You will have to look at the below to start with:

Integration Phase:

1) Identify the devices which you want to integrate with the SIM.
Action Item: Note the number of devices. Also check if you have enough licenses for that many devices.

2) Make sure these identified devices have a Netforensics Agent (collector).
Action Item: Check with the SIM vendor about the available Agents (collectors).

3) Netforensics components like Agent, Engine, Master etc. work on specific ports.
Action Item: Identify if you need to open these protocols/ports on networking devices like firewalls etc. for the SIM to function correctly.

4) SIM vendors would have recommendations on the syslogging level to be configured on the devices.
Action Item: Syslog configurations on the identified devices have to be set correctly as per the recommendations by the SIM vendor.

5) Please make sure you understand the functionality of each SIM component and plan the architecture of these components accordingly.

Configuration Phase:

1) Identify the type of attacks you expect to identify or are compliant with.
Action Item: Please visit the built-in attack rules. Configure additional correlation rules if needed.

2) You need to make sure that you have configured the alerting mechanism.
Action Item: Configure/test the alerting mechanism.

3) Make sure your components will be able to handle the expected load.

Day to Day Phase :-)

1) You will need to perform fine tuning of your SIM environment based on the real-time traffic trends etc.
Action Item: This is important. You will need to tweak certain rules and the syslogging level based on your requirements.

2) Monitoring the devices which do not report to the SIM Agent/Collector.
Action Item: I don't think Netforensics has an alerting mechanism to inform when a device has stopped reporting to the SIM environment. You will need to have some manual process to cover this part.

3) Monitor the correlation event generation.
Action Item: If you feel you are not receiving certain alerts you expect to, you will need to modify the correlation rules.

4) Regular updating/patching of the signatures released by the SIM vendor.
Action Item: SIM vendors keep on releasing patches/signatures. You would need to make sure you have a process for updating these.

5) Make sure you have support when in trouble.
Action Item: Call the SIM vendor support a couple of times with issues to get the confidence and understand what they need to open support cases. This will save time when you have a critical issue.

Hope this helps. Let me know if any questions.

Thanks,
Aditya Govind Mukadam
http://www.linkedin.com/in/adityamukadam

On Sat, Oct 10, 2009 at 10:56 AM, Mohamed Aymen SAHLI <sahli.aymen () gmail com> wrote:

Hi all,

In the context of the acquisition of a SIM solution, Netforensics, I will have to put in place a realistic testing environment where I will be simulating the life cycle of the SIM integration, configuration and day-to-day inherited tasks. I will be simulating attacks along with daily network and system activity in order to generate feeds to the SIM.

My question is, where to start to put in place such an environment? Are there examples?

PS: I will be using virtualisation for sure as I don't really have the hardware for a physical testing network.

All suggestions would be greatly appreciated.

Best regards.

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------
--
Best regards.
Gleb Pakharenko.
http://gpaharenko.livejournal.com
http://www.linkedin.com/in/gpaharenko
+380503116172
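Aditya's day-to-day item 2 (devices that silently stop reporting, which he notes the SIM itself may not alert on) is the kind of gap a test environment should exercise. The following is an added example, not code from either poster or from Netforensics: it checks a constructed batch of syslog lines against a hypothetical device inventory and reports sources that never reported, went stale, or are not in the inventory at all (which also bears on Gleb's and Aditya's point about device counts and licensing). The inventory, host names and log lines are all made up for illustration.

```python
# Added example: find log sources that have gone silent or are unknown to the
# SIM inventory. Inventory, host names and log lines are constructed, not real.
import re
from datetime import datetime, timedelta

# Hypothetical inventory of devices that should be feeding the SIM collector.
EXPECTED_DEVICES = {"fw-edge-01", "fw-edge-02", "ids-dmz-01", "web-01"}

# Constructed RFC 3164-style syslog lines as a collector might receive them.
SAMPLE_LOG = """\
Oct 15 21:58:03 fw-edge-01 kernel: ACCEPT IN=eth0 OUT=eth1 SRC=10.0.0.5
Oct 15 22:10:44 ids-dmz-01 snort[1204]: [1:1000001:1] test rule hit
Oct 15 23:20:00 switch-core-01 sshd[88]: Accepted publickey for admin
Oct 15 23:31:12 fw-edge-01 kernel: DROP IN=eth0 SRC=10.0.0.9
Oct 15 23:35:50 web-01 apache2: 10.0.0.7 - - "GET / HTTP/1.1" 200 612
"""

# Syslog timestamps carry no year; the check assumes the year of `now`.
_LINE = re.compile(r"^(\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (\S+) ")

def last_seen(log_text, year):
    """Return {host: latest timestamp} seen in the log text."""
    seen = {}
    for line in log_text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue  # skip lines that do not parse rather than fail the run
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        host = m.group(2)
        if host not in seen or ts > seen[host]:
            seen[host] = ts
    return seen

def silent_devices(log_text, now, max_silence=timedelta(minutes=30)):
    """Devices that never reported, went stale, or are not in the inventory."""
    seen = last_seen(log_text, now.year)
    never = sorted(EXPECTED_DEVICES - set(seen))
    stale = sorted(h for h, ts in seen.items()
                   if h in EXPECTED_DEVICES and now - ts > max_silence)
    unknown = sorted(set(seen) - EXPECTED_DEVICES)  # uninventoried/unlicensed
    return {"never_reported": never, "stale": stale, "not_in_inventory": unknown}

if __name__ == "__main__":
    # Fixed "now" so the constructed sample gives a deterministic report.
    print(silent_devices(SAMPLE_LOG, datetime(2009, 10, 15, 23, 40, 0)))
```

Run it on a periodic schedule against the collector's recent input and route the non-empty lists to the alerting channel configured in the Configuration Phase; the year assumption has to be handled explicitly if a batch spans New Year.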
Current thread:
- SIM Solutions testing environment. Eg. Netforensics Mohamed Aymen SAHLI (Oct 13)
- Re: SIM Solutions testing environment. Eg. Netforensics Nikhil Wagholikar (Oct 14)
- Re: SIM Solutions testing environment. Eg. Netforensics aditya mukadam (Oct 15)
- Re: SIM Solutions testing environment. Eg. Netforensics Gleb Paharenko (Oct 15)