InfoSec News

Control 1
How many servers are in your DMZ?

How many Servers do you have in total?

How many workstations are connected to the network?

How many printers?

Switches/routers/firewalls/Access Points?

If you can answer all the questions above for your organisation accurately, well done. Unfortunately the reality is that many people will not be able to answer them at all.

Knowing what you have in your environment is critical to the security of the environment. We know that many attackers use automated processes to identify and attack machines on the internet. If you are not aware of what internet facing systems you have, or they are not controlled, then it is likely that they will be discovered and compromised quickly. So it is quite important to know what is actually there.

How can you achieve that? You need to be able to control what is plugged in. Failing that, you will need to know when something has been plugged in. 802.1x controls or other forms of Network Access Control will help you achieve the first, but this may not be suitable for all areas of your environment, or you may not get around to implementing it for a while.

Detecting what is plugged in can be achieved in a number of ways. Tools like arpwatch will detect when something is plugged in. You could scan the network segment on a regular basis using something like nmap and use ndiff to compare the results. This will let you know when something is connected to your network. You may be able to watch DHCP allocations and detect or prevent unauthorised allocations. In order for any of this to be effective you will need some sort of inventory; if you don't know what you have, then you will not know what should or should not be there. Document the operating systems in use, the types of hardware used, switch types, printer types etc.
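As an added illustration of the inventory check described above (not code from the diary), the script below compares what is currently visible on a segment with a documented asset list. It assumes Linux `ip neigh show` output as the observation source; the neighbour table lines and the inventory are constructed sample data.

```python
import re

# Constructed sample in the format of `ip neigh show` on Linux
# (not captured from any real network).
NEIGH_OUTPUT = """\
192.168.10.1 dev eth0 lladdr 00:11:22:aa:bb:01 REACHABLE
192.168.10.20 dev eth0 lladdr 00:11:22:aa:bb:20 STALE
192.168.10.21 dev eth0 lladdr 00:11:22:aa:bb:21 REACHABLE
192.168.10.99 dev eth0 lladdr de:ad:be:ef:00:99 REACHABLE
192.168.10.50 dev eth0  FAILED
"""

# Constructed inventory: MAC -> (expected IP, description). In practice this
# is the asset register the diary says you must maintain.
INVENTORY = {
    "00:11:22:aa:bb:01": ("192.168.10.1", "core router"),
    "00:11:22:aa:bb:20": ("192.168.10.20", "file server"),
    "00:11:22:aa:bb:21": ("192.168.10.30", "print server"),
    "00:11:22:aa:bb:40": ("192.168.10.40", "HR printer"),
}

# Only entries that carry a link-layer address are of interest; FAILED or
# INCOMPLETE entries have no lladdr field and are skipped.
NEIGH_RE = re.compile(r"^(\S+) dev (\S+) lladdr ([0-9a-f:]{17})", re.I)

def parse_neigh(text):
    """Return {mac: ip} for every neighbour entry with a MAC address."""
    seen = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            ip, _dev, mac = m.groups()
            seen[mac.lower()] = ip
    return seen

def audit(seen, inventory):
    """Compare observed MAC/IP pairs against the inventory.
    unknown: MACs not in the inventory (something new was plugged in)
    moved:   known MACs seen at an IP other than the recorded one
    missing: inventory devices not observed (offline or unplugged)"""
    unknown = {mac: ip for mac, ip in seen.items() if mac not in inventory}
    moved = {mac: (inventory[mac][0], ip) for mac, ip in seen.items()
             if mac in inventory and inventory[mac][0] != ip}
    missing = sorted(desc for mac, (_ip, desc) in inventory.items()
                     if mac not in seen)
    return unknown, moved, missing

if __name__ == "__main__":
    unknown, moved, missing = audit(parse_neigh(NEIGH_OUTPUT), INVENTORY)
    for mac, ip in unknown.items():
        print(f"UNKNOWN device {mac} at {ip}")
    for mac, (expected, actual) in moved.items():
        print(f"MOVED {INVENTORY[mac][1]} ({mac}): expected {expected}, seen {actual}")
    for desc in missing:
        print(f"MISSING {desc}")
```

Run it from cron against `ip neigh show` (or an equivalent ARP dump) and alert on any UNKNOWN or MOVED line; the same comparison works on host lists taken from periodic nmap scans.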

There are of course other tools that will help in this scenario. Many management tools will have inventory capabilities, some patching tools have the capability and some of the AV solutions will now detect unknown devices on the network.

What do you do to identify and control what is on your network?

Mark - Shearwater (c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Oracle CEO Larry Ellison unveiled the Exalytics Intelligence Machine, the latest member of the company's products that combine software and hardware, during a keynote address at the OpenWorld conference on Sunday in San Francisco.

Chris Hoff, HacKid.org Leads UNITED Security Summit Award Winners
EON: Enhanced Online News (press release)
The Innovation Award: recognizing the organization, individual or project that has demonstrated exemplary innovation in addressing infosec challenges. The winner of this year's Innovation Award is: Cloudflare, selected for its innovative approach to ...

[the following is a guest diary contributed by Dr. Eric Cole]
One of the questions I often receive is what are the twenty critical controls. However, they are critical to achieving an optimal level of security. Each of the 20 control areas includes multiple individual sub-controls, each specifying actions an organization can take to help improve its defences.

Additionally, the controls are designed to support agencies and organizations that currently have different levels of information security capabilities. To help organizations focus on achieving a sound baseline of security and then improve beyond that baseline, certain subcontrols have been categorized as follows:

Quick Wins: These fundamental aspects of information security can help an organization rapidly improve its security stance generally without major procedural, architectural, or technical changes to its environment. It should be noted, however, that a Quick Win does not necessarily mean that these subcontrols provide comprehensive protection against the most critical attacks. If they did provide such protection, there would be no need for any other type of subcontrol. The intent of identifying Quick Win areas is to highlight where security can be improved rapidly.
Improved Visibility and Attribution: These subcontrols focus on improving the process, architecture, and technical capabilities of organizations so that they can monitor their networks and computer systems, gaining better visibility into their IT operations. Attribution is associated with determining which computer systems, and potentially which users, are generating specific events. Such improved visibility and attribution support organizations in detecting attack attempts, locating the points of entry for successful attacks, identifying already-compromised machines, interrupting infiltrated attackers


Dr. Eric Cole

twitter: drericcole

cole .at. secure-anchor.com
Oracle is apparently adding two more members to its family of systems that combine hardware and software, including one that targets 'Big Data' and another with in-memory computing capabilities.
Microsoft's Internet Explorer last month continued to shed users, losing the largest chunk of market share since December 2010, Web measurement firm Net Applications said.