Security Basics mailing list archives
Re: Security Checklist
From: Ricardo Carrillo <davxoc () gmail com>
Date: Tue, 5 May 2009 10:07:07 -0500
Hi, You could start look at these links: http://checklists.nist.gov/ncp.cfm?repository (for windows) http://technet.microsoft.com/en-us/windowsserver/bb643141.aspx (for windows infrastructure) http://checklists.nist.gov/chklst_detail.cfm?config_id=94 (for apache) http://www.cisecurity.org/benchmarks.html (for all infrastructure listed above). Is good start to make your own check list... Good Luck. Ricardo 2009/5/4 James Attard <info () jamesattard com>:
Dear list, I need some help to build up a security checklist for my company running mainly windows operating systems, apache webservers, and checkpoint firewall. What I have in mind is that everyday I dedicate not more than 1 hour and I look at this checklist and see whether the health status from a security point of view of the whole IT infrastructure is OK. What should I be looking at? What logs do I need to generate if they don't exist, and what information patterns should I look at in the Apache logs/Windows logviewers? Do I need some software to help me aggregate and process all this information? Regards, J ------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute Learn all of the latest penetration testing techniques in InfoSec Institute's Ethical Hacking class. Totally hands-on course with evening Capture The Flag (CTF) exercises, Certified Ethical Hacker and Certified Penetration Tester exams, taught by an expert with years of real pen testing experience. http://www.infosecinstitute.com/courses/ethical_hacking_training.html ------------------------------------------------------------------------
-- :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: L.I. Ricardo D. Carrillo Sánchez :: Security Specialist :: Universidad Nacional Autonoma de Mexico :: :: Ciudad Universitaria , D.F. Mex :: e-mail prim.: davxoc at gmai dot com :: e-mail secu.: davxoc at hotmail dot com ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: ------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute Learn all of the latest penetration testing techniques in InfoSec Institute's Ethical Hacking class. Totally hands-on course with evening Capture The Flag (CTF) exercises, Certified Ethical Hacker and Certified Penetration Tester exams, taught by an expert with years of real pen testing experience. http://www.infosecinstitute.com/courses/ethical_hacking_training.html ------------------------------------------------------------------------
Current thread:
- Security Checklist James Attard (May 04)
- Re: Security Checklist Joseph McCray (May 05)
- Message not available
- Re: Security Checklist Sebastien MAHIEUX (May 05)
- Re: Security Checklist aditya mukadam (May 05)
- Re: Security Checklist exzactly (May 05)
- Re: Security Checklist Venkatesh Selvaraju (May 05)
- RE: Security Checklist Dave Kleiman (May 06)
- <Possible follow-ups>
- Security Checklist James Attard (May 05)
- Re: Security Checklist Ricardo Carrillo (May 05)
- Re: Security Checklist Richard Thomas (May 05)