
Security Basics mailing list archives
Re: Information Security
From: "Jamie Riden" <jamie.riden () gmail com>
Date: Fri, 14 Dec 2007 14:01:36 +0000
On 14/12/2007, Charles Hardin <fonestorm () gmail com> wrote:
> I'd like to assemble a toolkit both for gaining security control and then maintaining it. Also, pointers as to best practices and the like would be most appreciated.

I like ISO17799 as a list of issues to think about. You'll probably be able to find checklists on the web if you don't want to purchase the full standard yet.

Shared logins are a big no-no, because they destroy your audit trail. If you haven't got an audit trail, none of your policies can be effectively enforced.

I'm a bit of a fan of a snort sensor connected to one of your core routers as well - gives great visibility for assessing and diagnosing problems.

If you need to motivate your bosses, ask for permission and then show them how easy it is to compromise their network. Legal compliance issues may help here too - depending on where your company is located.

cheers,
Jamie
--
Jamie Riden / jamesr () europe com / jamie () honeynet org uk
UK Honeynet Project: http://www.ukhoneynet.org/