Security Basics mailing list archives
Re: SIM Solutions testing environment. Eg. Netforensics
From: aditya mukadam <aditya.mukadam () gmail com>
Date: Thu, 15 Oct 2009 10:20:52 +0530
Hello,
As I understand it, you want to simulate the life cycle of SIM integration, configuration and day-to-day tasks. You will have to look at the below to start with:
Integration Phase:
1) Identify the devices which you want to integrate with the SIM.
Action Item: Note the number of devices. Also check if you have enough licenses for that many devices.
2) Make sure these identified devices have a Netforensics Agent (collector).
Action Item: Check with the SIM vendor about the available Agents (collectors).
3) Netforensics components like Agent, Engine, Master etc. work on specific ports.
Action Item: Identify if you need to open these protocols/ports on networking devices like firewalls etc. for the SIM to function correctly.
4) SIM vendors will have recommendations on the syslogging level to be configured on the devices.
Action Item: Make sure the syslog configurations on the identified devices have been set correctly as per the recommendations of the SIM vendor.
5) Please make sure you understand the functionality of each SIM component and plan the architecture of these components accordingly.
Configuration Phase:
1) Identify the types of attacks you expect to identify or need to be compliant with.
Action Item: Please review the built-in attack rules. Configure additional correlation rules if needed.
2) You need to make sure that you have configured the alerting mechanism.
Action Item: Configure/test the alerting mechanism.
3) Make sure your components will be able to handle the expected load.
Day-to-Day Phase :-)
1) You will need to perform fine tuning of your SIM environment based on real-time traffic trends etc.
Action Item: This is important. You will need to tweak certain rules and the syslogging level based on your requirements.
2) Monitor the devices which do not report to the SIM Agent/Collector.
Action Item: I don't think Netforensics has an alerting mechanism to inform you when a device has stopped reporting to the SIM environment. You will need to have some manual process to cover this part.
3) Monitor the correlation event generation.
Action Item: If you feel you are not receiving certain alerts you expect to, you will need to modify the correlation rules.
4) Regular updating/patching of the signatures released by the SIM vendor.
Action Item: SIM vendors keep on releasing patches/signatures. You will need to make sure you have a process for updating these.
5) Make sure you have support when there is a problem.
Action Item: Call the SIM vendor's support a couple of times with issues to gain confidence and understand what they need to open support cases. This will save time when you have a critical issue.
Hope this helps. Let me know if you have any questions.
Thanks,
Aditya Govind Mukadam
http://www.linkedin.com/in/adityamukadam
On Sat, Oct 10, 2009 at 10:56 AM, Mohamed Aymen SAHLI
<sahli.aymen () gmail com> wrote:
Hi all,
In the context of the acquisition of a SIM solution, Netforensics, I will have to put in place a realistic testing environment where I will be simulating the life cycle of the SIM integration, configuration and day-to-day inherited tasks. I will be simulating attacks along with daily network and system activity in order to generate feeds to the SIM.
My question is, where do I start to put in place such an environment? Are there examples?
PS: I will be using virtualisation for sure, as I don't really have the hardware for a physical testing network.
All suggestions would be greatly appreciated.
Best regards.
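Item 2 of the Day-to-Day Phase in the reply above notes that a device silently dropping out of the collector feed has to be caught by a manual process. The following Python script is an added example, not code from the thread or from Netforensics: it takes a constructed device inventory and a constructed batch of collector events, and flags inventory devices that never reported or whose newest event is older than a chosen threshold. The names EXPECTED_DEVICES, SAMPLE_EVENTS, check_sample and the "timestamp host message" event format are assumptions.

```python
# Added example (not from the thread or Netforensics): flag inventory devices
# that stopped reporting to the collector. Events are a constructed sample.
from datetime import datetime, timedelta

# Constructed inventory of devices expected to feed the SIM collector.
EXPECTED_DEVICES = {"fw01", "fw02", "ids01", "vpn01", "web01"}

# Constructed events in "timestamp host message" form (not real logs).
SAMPLE_EVENTS = """\
2009-10-15T09:55:12 fw01 %ASA-6-302013: Built outbound TCP connection
2009-10-15T10:10:41 fw02 %ASA-6-302014: Teardown TCP connection
2009-10-15T10:18:03 ids01 snort[1234]: [1:2000:3] constructed test alert
2009-10-15T08:02:30 web01 apache: GET /index.html 200
garbage line without a timestamp
2009-10-15T10:19:55 fw01 %ASA-6-302013: Built outbound TCP connection
"""

def parse_events(text):
    """Yield (host, timestamp) pairs; lines that do not parse are skipped."""
    for line in text.splitlines():
        parts = line.split(" ", 2)
        if len(parts) < 2:
            continue
        try:
            ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
        except ValueError:
            continue
        yield parts[1], ts

def silent_devices(text, expected, now, max_silence):
    """Return sorted (host, reason) pairs for inventory devices that never
    reported or whose newest event is older than max_silence."""
    seen = {}  # host -> time of its most recent event
    for host, ts in parse_events(text):
        if host not in seen or ts > seen[host]:
            seen[host] = ts
    findings = []
    for host in sorted(expected):
        if host not in seen:
            findings.append((host, "never reported"))
        elif now - seen[host] > max_silence:
            findings.append((host, "silent since " + seen[host].isoformat()))
    return findings

def check_sample(now_text, minutes):
    """Run the check over the constructed sample as of the given time."""
    now = datetime.strptime(now_text, "%Y-%m-%dT%H:%M:%S")
    return silent_devices(SAMPLE_EVENTS, EXPECTED_DEVICES, now, timedelta(minutes=minutes))
```

In a real deployment the inventory would come from the list of devices identified in the Integration Phase, and the events from whatever the collector writes out, with the findings fed into the same alerting mechanism configured for correlation alerts.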
