Category: Systems Hardening

Are You Secure? Ten Signs That Your Security Program is Doing Pretty Well

Security is a process. It’s an evolving process that, when mature, has certain qualities about it. Here are ten signs that your security program is at a decent point of maturity. A new critical security advisory is released and you

Posted in Dialogue, Incident Response, Secure Administration, Secure Design, Standards, Systems Hardening

Developing a Java Management Strategy

I considered many ways to title this blog post: The Scourge That is Java; Die, Java, Die!; or, perhaps Java, it’s time we had a talk. As a security guy, Java has been my nemesis. It has been far more

Posted in Risk Management, Secure Design, Systems Hardening, Vulnerabilities

The Immutable Friday Fav Five for September 9, 2011

Here are the five links that I found interesting for this week: The Shadowserver foundation is comprised of a group of volunteer security professionals who gather information about Internet-based crime. One of the more interesting projects is a compilation of

Posted in Computer Crime, Dialogue, Incident Response, Intrusion Detection, Log Analysis, Research, Secure Administration, Secure Design, Standards, Systems Hardening

Don’t Swallow the Blue Pill Just Yet

Virtualization is a quickly growing area in IT right now. The prospect of running dozens of virtual servers on one physical server is most appealing. As long as licensing costs don’t eat up too many of the savings, it really

Posted in Computer Crime, Risk Management, Secure Administration, Systems Hardening

Why Your Windows Log Size Settings May Be Too Big

A while back, I posted about how certain versions of Windows always have the capability to lose logs. I encourage you to read the full post to understand the issues involved, then come back here and continue reading. The basic problem

Posted in Dialogue, Log Management, Research, Secure Design, Systems Hardening

An Analysis of the Analysis of the Apache.org Attack

Over at the Apache blog, you’ll find a nice and detailed incident report on the recent, successful attack on Apache.org. I thought it might be worth a few minutes to share my thoughts on their write-up. First, I would like

Posted in Computer Crime, Ethics, Incident Response, Intrusion Detection, Log Analysis, Secure Administration, Secure Design, Systems Hardening

Three Things to Remember When Configuring Logging

You set up a centralized logging server. Check. You installed the OSSEC manager to analyze your logs in real-time. Check. You even managed to implement high availability. Good going! Now you’re ready to start configuring clients. It should be as

Posted in Incident Response, Intrusion Detection, Log Analysis, Secure Administration, Systems Hardening

Why Windows Can Always Lose Logs

Note: The following post applies to Windows versions prior to Vista. I have not researched how logging has changed in versions greater than Vista. I can only assume and hope that it has changed for the better in new versions.

Posted in Intrusion Detection, Log Analysis, Secure Administration, Systems Hardening

OSSEC 2.3 Released

OSSEC 2.3 is out. It has some interesting new features such as the ability to run a command and capture the output like a log. This really opens up possibilities. I’d also like to get some time to explore how

Posted in Intrusion Detection, Log Analysis, Secure Administration, Systems Hardening

When Best Practice Really Isn’t: No AV on Mail Servers

A conversation with a McAfee engineer last week reminded me of something I have occasionally encountered over the years: Windows mail server admins who insist that file system AV isn’t necessary on their server. The logic for this has always

Posted in Secure Administration, Secure Design, Systems Hardening