funsec mailing list archives
Yet Another Security Vendor Spamming
From: "Les Bell" <lesbell () lesbell com au>
Date: Fri, 24 Apr 2009 22:20:24 +1000
This is the second from them this week. And the email is composed in MS Word, even. I wonder if they think it's actually educational in some way. They're off my Christmas card list, for sure. . .

Best,

---
Les Bell [http://www.lesbell.com.au]
Tel: +61 2 9451 1144

----- Forwarded by Les Bell/Les Bell and Associates Pty Ltd on 24/04/2009 10:17 PM -----

From: "Ecom Infotech (I) Ltd." <consulting@sgius.com>
To: "Info" <info () lesbell com au>
cc:
Date: 24/04/2009 10:09 PM
Subject: Enterprise Security Management
Please respond to "Ecom Infotech (I) Ltd."

Dear IT Head,

What do you do when the logging is turned off? How soon will you know? Does that create a blind spot?

Let's see a typical low and slow attack (attack step: attacker action; action revealed in):

1. Probe: Runs port scans seeking targets with known vulnerabilities. (Revealed in: Log data)
2. ID entry point: Identifies a target system with a known vulnerability. (Revealed in: Log data)
3. Access: Brute-forces access to the system, with multiple failed logins preceding the successful login. (Revealed in: Log data)
4. Admin privilege: Escalates to Admin/Root or creates a new account with Admin privilege. (Revealed in: Asset data)
5. Config change: Disables logging. (Revealed in: Configuration data)
6. Exploit vulnerability: Creates a buffer overflow that spikes performance by exploiting a vulnerability. (Revealed in: Vulnerability & Performance data)
7. Rogue app: Installs a back door to the system. (Revealed in: Asset data)
8. Data theft: Steals confidential data. (Revealed in: Flow data)

Traditional SIM

Correlate Log, Asset, Configuration, Vulnerability, Performance and Network flow data in a single integrated Platform bringing actionable intelligence.

Attackers employ "low and slow" attacks designed to evade detection from existing defenses like IPS and device security. Timely detection of these "low and slow" attacks is elusive for log management systems because it requires the real-time collection and correlation of multiple sources of data. Specifically, log, asset, configuration, vulnerability, performance and network flow data each contribute to identifying different aspects of an attack.

Can we help you? We offer one of the most cost effective solutions.

We also offer the following services/end to end solutions:

1. COBIT, ISO 27001/20000, BS25999 Framework Implementation: Compliance with COBIT, ITIL or ISMS best practices implementation.
2. IT Audit and other related Assurance services. We are certified IT Auditors.
3. Enterprise Identity Management: Complete security based solutions for Identity and Access Management, Single Sign On solutions and Federated Identity Management in a SOA or Distributed Environment.
4. Privileged Users' Monitoring Solutions. Reports suggest that 70% of frauds were caused by insiders.
5. Business Continuity Management and Resilience Services: Are you proactively prepared for unplanned outages?

Should you be interested in our services, please drop an email to ac () sgius com. For more details visit www.sgius.com

Best Regards
Ashwin K Chaudary
MBA (IT), CISSP, CISA, CGEIT, ISO 27001LA, ITIL, PMP
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.