Security Basics mailing list archives
Re: Information Security Incidents
From: Brad Edmondson <brad.edmondson () gmail com>
Date: Wed, 23 Sep 2009 22:23:01 -0400
I might add unexpected behavior (pre and post auth), impossible logins (China and New York and Seattle within 30 minutes), and anything else you care to include from the SANS top 5 logs: http://www.sans.org/resources/top5_logreports.pdf

I would also add that writing a custom app from scratch to do this may not work as well as dumping all logs into a central logging host and then teasing these security events out of it with filters. You will have access to more data and a better event infrastructure that way, and won't have to reinvent parsers, etc. Think Splunk, OSSIM, and the like.

Regards,
Brad

On 2009-09-23, Dan Vultur <Dan.Vultur () btrl ro> wrote:
Hello list,

In our company we are trying to develop an in-house application which will collect all information security related incidents. The developers of this application are asking me what criteria should be there in the scroll-down. On the fly I am thinking of the following criteria:

- unauthorized access,
- business continuity
- loss of confidentiality
- etc

Can you please give me some advice on which criteria should be used if you have implemented a well-known solution on this aspect.

Many thanks,
Dan
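The "impossible logins" filter suggested in the reply above, sketched as an added example that is not part of the original thread: it flags consecutive successful logins by one user whose implied travel speed is infeasible. The log line format, the city coordinate table (standing in for GeoIP enrichment on the central log host) and the 1000 km/h ceiling are all assumptions.

```python
import math
from collections import defaultdict
from datetime import datetime

# Constructed sample: central-log auth events already enriched with a city.
SAMPLE_LOG = """\
2009-09-23T12:00:00 login ok user=alice city=Beijing
2009-09-23T09:00:00 login ok user=bob city=NewYork
2009-09-23T12:10:00 login ok user=alice city=NewYork
2009-09-23T12:25:00 login ok user=alice city=Seattle
2009-09-23T18:00:00 login ok user=bob city=Seattle
"""

# Assumed geo-enrichment table (lat, lon); a real pipeline would use GeoIP.
CITY_COORDS = {"Beijing": (39.90, 116.40), "NewYork": (40.71, -74.01),
               "Seattle": (47.61, -122.33)}
MAX_KMH = 1000.0  # assumed ceiling: roughly airliner speed

def haversine_km(a, b):
    """Great-circle distance between two (lat, lon) points in km."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def parse(log):
    """Yield (timestamp, user, city) from the constructed line format."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[1:3] != ["login", "ok"]:
            continue  # skip anything that is not a successful login
        fields = dict(p.split("=", 1) for p in parts[3:])
        yield datetime.fromisoformat(parts[0]), fields["user"], fields["city"]

def impossible_logins(log, max_kmh=MAX_KMH):
    """Return (user, from_city, to_city, minutes) for infeasible hops."""
    by_user = defaultdict(list)
    for ts, user, city in sorted(parse(log)):  # order by time across sources
        by_user[user].append((ts, city))
    alerts = []
    for user, events in by_user.items():
        for (t0, c0), (t1, c1) in zip(events, events[1:]):
            hours = (t1 - t0).total_seconds() / 3600
            km = haversine_km(CITY_COORDS[c0], CITY_COORDS[c1])
            if km > 0 and (hours == 0 or km / hours > max_kmh):
                alerts.append((user, c0, c1, round(hours * 60)))
    return alerts
```

Calling `impossible_logins(SAMPLE_LOG)` flags both of alice's hops and leaves bob's nine-hour New York to Seattle gap alone.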