mailing list archives
Re: Information Security
From: "Jamie Riden" <jamie.riden () gmail com>
Date: Fri, 14 Dec 2007 14:01:36 +0000
On 14/12/2007, Charles Hardin <fonestorm () gmail com> wrote:
Id like to assemble a toolkit both for gaining security control and
then maintaining it. Also pointers as to best practices and the like
would be most appreciated.
I like ISO17799 as a list of issues to think about. You'll probably be
able to find checklists on the web if you don't want to purchase the
full standard yet.
Shared logins are a big no-no, because they destroy your audit trail.
If you haven't got an audit trail, none of your policies can be
I'm a bit of a fan of a snort sensor connected to one of your core
routers as well - gives great visibility for assessing and diagnosing
If you need to motivate your bosses, ask for permission and then show
them how easy it is to compromise their network. Legal compliance
issues may help here too - depending on where your company is located.
Jamie Riden / jamesr () europe com / jamie () honeynet org uk
UK Honeynet Project: http://www.ukhoneynet.org/