Security Basics mailing list archives
RE: Security Checklist
From: "Dave Kleiman" <dave () davekleiman com>
Date: Wed, 6 May 2009 01:53:51 -0400
First, is your company bound by any regulatory compliance (SoX, HIPAA, or maybe PCI)? A bunch have already suggested excellent checklists, since you mentioned Windows systems you might want to include the MS Common Criteria Guidelines, there are a bunch of checklists here: http://technet.microsoft.com/en-us/library/cc723510.aspx Then there are tools like S-Lok, that automate all those checklists and even provide a safety system in case someone alters something that is listed on the checklist, it changes it back and creates a log entry. http://www.s-doc.com/products/slok.asp Respectfully, Dave Kleiman - http://www.DigitalForensicExpert.com http://www.ComputerForensicExaminer.com - http://DigitalForensicAnalyst.com 4371 Northlake Blvd #314 Palm Beach Gardens, FL 33410 561.310.8801 Digital Computer Forensics + Data Recovery + Electronic Discovery -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Venkatesh Selvaraju Sent: Tuesday, May 05, 2009 13:23 To: info () jamesattard com Cc: security-basics () securityfocus com Subject: Re: Security Checklist CIS benchmarks are the industry wide acceptable standards for IT security controls and they have got it all from operating systems to routers to web servers: http://www.cisecurity.com/benchmarks.html HTH On Mon, May 4, 2009 at 10:31 PM, James Attard <james.attard () gmail com> wrote:
Dear list, I need some help to build up a security checklist for my company running mainly windows operating systems, apache webservers, and checkpoint firewall. What I have in mind is that everyday I dedicate not more than 1 hour and I look at this checklist and see whether the health status from a security point of view of the whole IT infrastructure is OK. What should I be looking at? What logs do I need to generate if they don't exist, and what information patterns should I look at in the Apache logs/Windows logviewers? Do I need some software to help me aggregate and process all this information? Regards, J ------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute Learn all of the latest penetration testing techniques in InfoSec Institute's Ethical Hacking class. Totally hands-on course with evening Capture The Flag (CTF) exercises, Certified Ethical Hacker and Certified Penetration Tester exams, taught by an expert with years of real pen testing experience. http://www.infosecinstitute.com/courses/ethical_hacking_training.html ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute Learn all of the latest penetration testing techniques in InfoSec Institute's Ethical Hacking class. Totally hands-on course with evening Capture The Flag (CTF) exercises, Certified Ethical Hacker and Certified Penetration Tester exams, taught by an expert with years of real pen testing experience. http://www.infosecinstitute.com/courses/ethical_hacking_training.html ------------------------------------------------------------------------ ------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute Learn all of the latest penetration testing techniques in InfoSec Institute's Ethical Hacking class. Totally hands-on course with evening Capture The Flag (CTF) exercises, Certified Ethical Hacker and Certified Penetration Tester exams, taught by an expert with years of real pen testing experience. http://www.infosecinstitute.com/courses/ethical_hacking_training.html ------------------------------------------------------------------------
Current thread:
- Security Checklist James Attard (May 04)
- Re: Security Checklist Joseph McCray (May 05)
- Message not available
- Re: Security Checklist Sebastien MAHIEUX (May 05)
- Re: Security Checklist aditya mukadam (May 05)
- Re: Security Checklist exzactly (May 05)
- Re: Security Checklist Venkatesh Selvaraju (May 05)
- RE: Security Checklist Dave Kleiman (May 06)
- <Possible follow-ups>
- Security Checklist James Attard (May 05)
- Re: Security Checklist Ricardo Carrillo (May 05)
- Re: Security Checklist Richard Thomas (May 05)