Re: Information Security Incidents

[Brad Edmondson <brad.edmondson () gmail com>]

I might add unexpected behavior (pre and post auth), impossible logins
(china and new york and seattle within 30 minutes), and anything else
you care to include from the SANS top 5 logs:
http://www.sans.org/resources/top5_logreports.pdf

I would also add that writing a custom app from scratch to do this may
not work as well as dumping all logs into a central logging host and
then teasing these security events out of it with filters.  You will
have access to more data and a better event infrastructure that way,
and won't have to reinvent parsers, etc.  Think splunk, ossim, and the
like.

Regards,
Brad

On 2009-09-23, Dan Vultur <Dan.Vultur () btrl ro> wrote:
> Hello list,
>
> In our company we are trying to develop an in-house application which will
> collect all information security related incidents. The developers of this
> applications are asking me what criteria should be there in the scroll-down.
>
> On the fly I am thinking at the following criteria:
>
> -  unauthorized access,
> -  business continuity
> -  loss of confidentiality
> -  etc
>
> Can you please give me some advice on which criteria should be used if you
> have implemented a well-known solution on this aspect.
>
> Many thanks,
>
> Dan
>
>
>
> Acest e-mail con?ine informatii care pot fi, partial sau ?n ?ntregime,
> protejate de lege. Orice utilizare sau transmitere neautorizata a acestui
> mesaj, totala sau partiala, este strict interzisa. Aceste informatii sunt
> adresate doar destinatarului si pot sa nu exprime punctele de vedere ale
> Bancii Transilvania. ?n cazul ?n care o eroare de transmitere a directionat
> gresit acest e-mail, va rugam sa notificati autorul printr-un raspuns la
> mesaj. Daca nu sunteti destinatarul vizat, nu aveti permisiunea sa
> dezvaluiti, sa distribuiti, sa copiati, sa tipariti sau sa utilizati acest
> e-mail.
>
> This e-mail contains proprietary information some or all of which may be
> legally privileged. Any unauthorized use or dissemination is prohibited. It
> is for the intended recipient only and does not express the views of Banca
> Transilvania S.A.  If an addressing or transmission error has misdirected
> this e-mail, please notify the author by replying to this e-mail.  If you
> are not the intended recipient you must not use, disclose, distribute, copy,
> print, or rely on this e-mail.
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL
> certificate.  We look at how SSL works, how it benefits your company and how
> your customers can tell if a site is secure. You will find out how to test,
> purchase, install and use a thawte Digital Certificate on your Apache web
> server. Throughout, best practices for set-up are highlighted to help you
> ensure efficient ongoing management of your encryption keys and digital
> certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------