S3cur1ty_Guy Says: Thanks for stopping by


Auditing a Database Server

Things to log and audit on application and DB servers:
- Creation, modification and deletion of database objects and data
- Enabling or disabling of auditing
- Changes in rights and roles on the system
- DB startup, shutdown, backup and archiving
- Collection of performance statistics
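As an added example (not code from the original post), the script below triages a batch of database audit records against that checklist: it counts how many records fall into each bucket and raises findings for the events a reviewer cares most about, in particular a window where auditing was switched off, since nothing inside that window left a trace. The key=value record layout, the statement names and the sample records are constructed; real servers (Oracle, SQL Server, PostgreSQL with pgaudit) each have their own format, so parse_record() is the part you would adapt.

```python
"""Triage of database audit records against the checklist above.

Added example, not from the original post. The key=value record layout,
the statement names and the sample records are all constructed; real
servers (Oracle, SQL Server, PostgreSQL with pgaudit) each have their own
format, so parse_record() is the part to adapt.
"""
import re
from collections import Counter

# Constructed sample records, not real logs.
SAMPLE_AUDIT_LOG = """\
2024-03-01T08:00:01 db=prod user=svc_app stmt=SELECT obj=orders status=ok
2024-03-01T08:02:13 db=prod user=dba1 stmt=CREATE obj=table:scratch status=ok
2024-03-01T08:03:40 db=prod user=dba1 stmt=GRANT obj=role:DBA target=svc_app status=ok
2024-03-01T08:03:55 db=prod user=dba1 stmt=DROP obj=table:audit_archive status=ok
2024-03-01T08:04:02 db=prod user=dba1 stmt=NOAUDIT obj=ALL status=ok
2024-03-01T08:05:00 db=prod user=dba1 stmt=AUDIT obj=ALL status=ok
2024-03-01T09:00:00 db=prod user=system stmt=SHUTDOWN obj=instance status=ok
2024-03-01T09:00:45 db=prod user=system stmt=STARTUP obj=instance status=ok
2024-03-01T23:00:00 db=prod user=backup stmt=BACKUP obj=full status=ok
2024-03-01T23:30:00 db=prod user=monitor stmt=STATS obj=perf status=ok
"""

# Which checklist bucket each statement type falls into.
CATEGORIES = {
    "object_change": {"CREATE", "ALTER", "DROP"},       # creation/modification/deletion
    "audit_change": {"AUDIT", "NOAUDIT"},               # enabling/disabling auditing
    "privilege_change": {"GRANT", "REVOKE"},            # rights and roles
    "lifecycle": {"STARTUP", "SHUTDOWN", "BACKUP", "ARCHIVE"},
    "performance": {"STATS"},
}

RECORD_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.*)$")
FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_record(line):
    """Turn one 'ts k=v k=v ...' line into a dict, or None if malformed."""
    m = RECORD_RE.match(line)
    if not m:
        return None
    rec = dict(FIELD_RE.findall(m.group("kv")))
    rec["ts"] = m.group("ts")
    return rec


def categorize(rec):
    stmt = rec.get("stmt", "").upper()
    for cat, stmts in CATEGORIES.items():
        if stmt in stmts:
            return cat
    return "other"


def triage(log_text):
    """Return (per-category counts, findings worth a reviewer's attention)."""
    counts = Counter()
    findings = []
    gap_open = None  # (ts, user) of a NOAUDIT not yet closed by an AUDIT
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec is None:
            continue
        counts[categorize(rec)] += 1
        stmt = rec.get("stmt", "").upper()
        user = rec.get("user", "?")
        if stmt == "NOAUDIT" and gap_open is None:
            gap_open = (rec["ts"], user)
        elif stmt == "AUDIT" and gap_open is not None:
            # Anything that happened inside this window left no trace.
            findings.append(("audit_gap", gap_open[0], rec["ts"], gap_open[1]))
            gap_open = None
        elif stmt == "GRANT":
            findings.append(("grant", rec["ts"], rec.get("obj"), rec.get("target")))
        elif stmt == "DROP":
            findings.append(("drop", rec["ts"], rec.get("obj"), user))
    if gap_open is not None:
        # Auditing was switched off and never switched back on.
        findings.append(("audit_gap", gap_open[0], None, gap_open[1]))
    return counts, findings


if __name__ == "__main__":
    counts, findings = triage(SAMPLE_AUDIT_LOG)
    for cat, n in sorted(counts.items()):
        print(f"{cat:17s} {n}")
    for f in findings:
        print("FINDING", f)
```

Run against the sample it reports two object changes, two audit-state changes, one privilege change, three lifecycle events and one stats collection, and three findings: the DBA role grant, the dropped table, and a one-minute audit gap opened by dba1. The gap is the important one: a shutdown, grant or drop inside it would never show up, so the review has to treat the window itself as the event.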

Auditing a FW

Things to log and audit regularly:
- All internal network traffic allowed outbound
- All external network traffic allowed inbound
- Inbound email traffic
- Outbound web and FTP traffic
- Inbound VPN tunnels and other remote-access sessions
- All inbound traffic that is blocked
- PAT and NAT translations, if implemented
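As an added example (not from the original post), the script below works a batch of firewall log lines against that checklist: it tallies allowed outbound, allowed inbound, inbound email, inbound VPN, outbound web/FTP and blocked inbound, and then does the check the list implies but does not spell out, comparing every allowed inbound service against the set the organisation actually intends to expose. The lines follow the netfilter LOG-target layout (IN= OUT= SRC= DST= PROTO= SPT= DPT=); the "[FW-ACCEPT]"/"[FW-DROP]" prefix, the sample lines, the interface roles (eth0 = Internet, eth1 = LAN) and the approved-exposure list are assumptions for illustration.

```python
"""Firewall log review against the checklist above.

Added example, not from the original post. The lines follow the netfilter
LOG-target layout (IN= OUT= SRC= DST= PROTO= SPT= DPT=) behind a
constructed "[FW-ACCEPT]"/"[FW-DROP]" prefix; the sample lines, the
interface roles (eth0 = Internet, eth1 = LAN) and the approved-exposure
list are assumptions for illustration.
"""
import re
from collections import Counter

EXTERNAL_IF = "eth0"   # assumption: Internet-facing interface
INTERNAL_IF = "eth1"   # assumption: LAN-facing interface

# Assumption: services the organisation intentionally exposes inbound.
APPROVED_INBOUND = {("TCP", 25), ("TCP", 443), ("UDP", 500), ("UDP", 4500)}
VPN_PORTS = {("UDP", 500), ("UDP", 4500), ("UDP", 1194), ("TCP", 1194)}
WEB_FTP_PORTS = {("TCP", 80), ("TCP", 443), ("TCP", 21)}

# Constructed sample lines, not real logs.
SAMPLE_FW_LOG = """\
Mar  1 08:00:01 fw kernel: [FW-ACCEPT] IN=eth1 OUT=eth0 SRC=10.0.0.15 DST=203.0.113.9 PROTO=TCP SPT=51000 DPT=443
Mar  1 08:00:02 fw kernel: [FW-ACCEPT] IN=eth1 OUT=eth0 SRC=10.0.0.15 DST=203.0.113.9 PROTO=TCP SPT=51001 DPT=21
Mar  1 08:00:03 fw kernel: [FW-ACCEPT] IN=eth0 OUT=eth1 SRC=198.51.100.7 DST=10.0.0.25 PROTO=TCP SPT=40000 DPT=25
Mar  1 08:00:04 fw kernel: [FW-ACCEPT] IN=eth0 OUT=eth1 SRC=198.51.100.8 DST=10.0.0.1 PROTO=UDP SPT=500 DPT=500
Mar  1 08:00:05 fw kernel: [FW-ACCEPT] IN=eth0 OUT=eth1 SRC=198.51.100.9 DST=10.0.0.30 PROTO=TCP SPT=40001 DPT=3389
Mar  1 08:00:06 fw kernel: [FW-DROP] IN=eth0 OUT= SRC=198.51.100.10 DST=203.0.113.1 PROTO=TCP SPT=40002 DPT=22
Mar  1 08:00:07 fw kernel: [FW-DROP] IN=eth0 OUT= SRC=198.51.100.10 DST=203.0.113.1 PROTO=TCP SPT=40003 DPT=23
"""

LINE_RE = re.compile(r"\[FW-(ACCEPT|DROP)\]\s+(.*)$")
FIELD_RE = re.compile(r"(\w+)=(\S*)")   # \S* so an empty OUT= still parses


def parse_line(line):
    """Extract action and the KEY=VALUE fields; None for lines without our prefix."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = dict(FIELD_RE.findall(m.group(2)))
    rec["action"] = m.group(1)
    rec["service"] = (rec.get("PROTO", ""), int(rec.get("DPT") or 0))
    return rec


def direction(rec):
    """Direction is taken from the ingress interface (assumed roles above)."""
    if rec.get("IN") == EXTERNAL_IF:
        return "inbound"
    if rec.get("IN") == INTERNAL_IF:
        return "outbound"
    return "unknown"


def review(log_text):
    """Return (checklist counts, allowed inbound flows outside the approved set)."""
    counts = Counter()
    unapproved = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        d = direction(rec)
        svc = rec["service"]
        if rec["action"] == "DROP":
            if d == "inbound":
                counts["blocked_inbound"] += 1
            continue
        counts["allowed_" + d] += 1
        if d == "inbound":
            if svc == ("TCP", 25):
                counts["inbound_email"] += 1
            if svc in VPN_PORTS:
                counts["inbound_vpn"] += 1
            if svc not in APPROVED_INBOUND:
                # Allowed in from the Internet but nobody approved it.
                unapproved.append((rec["SRC"], rec["DST"], svc))
        elif d == "outbound" and svc in WEB_FTP_PORTS:
            counts["outbound_web_ftp"] += 1
    return counts, unapproved


if __name__ == "__main__":
    counts, unapproved = review(SAMPLE_FW_LOG)
    for k, n in sorted(counts.items()):
        print(f"{k:18s} {n}")
    for src, dst, svc in unapproved:
        print(f"UNAPPROVED inbound {src} -> {dst} {svc[0]}/{svc[1]}")
```

On the sample, the only unapproved inbound flow is RDP to 10.0.0.30, which is exactly the kind of rule that gets added for a one-off and never removed; the blocked-inbound count (SSH and telnet probes here) is what the checklist's "all inbound traffic that is blocked" item is for. NAT/PAT translations are not in the LOG output; on netfilter they come from the connection-tracking table and are reviewed separately.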

Access Control Methods

MAC – Mandatory Access Control
Used in environments requiring high levels of security (government, military) and enforcing need to know. Each access control subject (users and programs) is assigned a clearance label, and each access control object is assigned a sensitivity label. No read up, no write down is applied to each subject's sensitivity…
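The "no read up, no write down" rule is easiest to see as code. Below is an added example (not from the original post) of the two Bell-LaPadula checks applied to labels that carry both a hierarchical level and a set of need-to-know categories: a subject may read an object only if the subject's clearance dominates the object's sensitivity, and may write to it only if the object's sensitivity dominates the subject's clearance. The level names and category names are constructed for illustration.

```python
"""Mandatory access control decision in the Bell-LaPadula style described above.

Added example, not from the original post. A label pairs a hierarchical
clearance/sensitivity level with a set of need-to-know categories; the
level names and categories here are constructed for illustration.
"""
from dataclasses import dataclass
from typing import FrozenSet

# Hierarchical levels, lowest to highest (assumed ordering).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}


@dataclass(frozen=True)
class Label:
    level: str
    categories: FrozenSet[str] = frozenset()

    def dominates(self, other):
        """Lattice ordering: at least as high a level AND a superset of the
        categories. The category test is what enforces need to know."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)


def can_read(subject, obj):
    """Simple security property ("no read up"): the subject's clearance
    must dominate the object's sensitivity."""
    return subject.dominates(obj)


def can_write(subject, obj):
    """*-property ("no write down"): the object's sensitivity must dominate
    the subject's clearance, so data can never flow to a lower label."""
    return obj.dominates(subject)


def decide(subject, obj, mode):
    """Return 'allow' or 'deny' for mode 'read', 'write' or 'readwrite'.
    Read-write needs both checks, which only equal labels satisfy."""
    checks = {
        "read": can_read,
        "write": can_write,
        "readwrite": lambda s, o: can_read(s, o) and can_write(s, o),
    }
    return "allow" if checks[mode](subject, obj) else "deny"


if __name__ == "__main__":
    analyst = Label("SECRET", frozenset({"NUCLEAR"}))
    for name, obj in [
        ("confidential memo", Label("CONFIDENTIAL")),
        ("top secret plan", Label("TOP_SECRET")),
        ("secret crypto doc", Label("SECRET", frozenset({"CRYPTO"}))),
        ("secret nuclear doc", Label("SECRET", frozenset({"NUCLEAR"}))),
    ]:
        print(f"{name:20s} read={decide(analyst, obj, 'read'):5s} "
              f"write={decide(analyst, obj, 'write')}")
```

Two cases are worth noticing. The SECRET/{NUCLEAR} analyst is denied the SECRET/{CRYPTO} document even though the levels match, because the category set is not covered: that is the need-to-know half of the rule. And the analyst may write into a TOP_SECRET/{NUCLEAR} object but not into a plain TOP_SECRET one, because a write into an object lacking the NUCLEAR category would let that information leave the compartment.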

Monitoring Security

Types of monitoring:
- Real time – someone sitting and watching live
- Active – syslog-type monitoring and alerting (adds a layer of traffic of its own)
- Passive – SNMP and hardware devices with software that watches traffic, such as packet sniffers or probes
Components to monitor: network, security, keystroke
*Intrusion detection systems are major security monitoring mechanisms.

Reasons to Perform Security Auditing

Reasons to perform security auditing:
- Find out the who, what, when and where of transactions
- Identify potential breaches and/or incidents
- Fulfill the goals and assessment of the security policy
- Reconstruct events and activities
- Provide forensic proof of actions
- Facilitate a security review
- Generate reports
Things to audit:
- External boundary/DMZ (Internet routers and firewall)
- Internal…

Security Operation Modes

Modes for authorizing processing and/or transport:
Dedicated mode – every user or service with direct or indirect access to the system, including peripherals, has a valid security clearance, formal approval and need to know for all aspects of the system. Very high level of access. Exclusive use by one particular type…

Systems Security Architecture

RAM – Random Access Memory
ROM – Read Only Memory
PROM – Programmable ROM (non-volatile)
EPROM – Erasable PROM (erased via ultraviolet light)
EEPROM – Electrically Erasable PROM (erased by electrical charge instead of light)
PLD – Programmable Logic Device (electronic device used to build digital circuits. Combination…