Friday, January 19, 2007

On "Eight daily steps to a more secure network"

So, yeah, in light of this, why am I posting this? :-) Because folks who currently don't do anything will certainly benefit from reading this list of daily security tasks.

And, of course, logs are there en masse :-)

"Look at your antivirus logs: Did a virus hit your e-mail system last night? Are the antivirus signatures up to date?" [I'd add: check AV logs for failed updates and scans as well as other AV failures and even AV software uninstallations and terminations]

"Read the security logs on your domain servers: Did the system lock out any accounts last night? Pay special attention to any accounts with administrator access. Verify that lockouts were human error—and not part of a breach attempt." [I'd add: look for configuration changes, service restarts, and various failures, as well as resource issues; all might be indicative of attacks, failed or successful.]
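Here is an added example, not code from the original article or from this post's author, of what the morning review of the AV and domain-server items above can look like when it is scripted rather than eyeballed. The log line format (`timestamp host source event key=value ...`), the event names, the sample lines, the privileged-account list and the burst threshold are all constructed assumptions for the example; a real deployment would map its own AV and Windows security event formats onto the same rules.

```python
"""Daily triage of AV and domain-server security log lines.

Added example for this post (not from the article or the author). The log
format, event names and thresholds below are constructed assumptions:
    <ISO timestamp> <host> <source> <event> <key=value ...>
"""
from collections import Counter

# Constructed sample lines standing in for one night's logs (one event per line).
SAMPLE_LOG = """\
2007-01-19T01:02:11 DC01 security ACCOUNT_LOCKOUT account=jsmith src=WS-042
2007-01-19T01:02:40 DC01 security ACCOUNT_LOCKOUT account=administrator src=WS-117
2007-01-19T01:03:05 DC01 security ACCOUNT_LOCKOUT account=bjones src=WS-117
2007-01-19T01:03:30 DC01 security ACCOUNT_LOCKOUT account=mlee src=WS-117
2007-01-19T02:15:00 DC01 security CONFIG_CHANGE object=GroupPolicy actor=svc_backup
2007-01-19T02:20:00 DC02 security SERVICE_RESTART service=DNS
2007-01-19T03:00:00 WS-042 antivirus UPDATE_FAILED reason=timeout
2007-01-19T03:05:00 WS-117 antivirus SERVICE_STOPPED actor=localadmin
2007-01-19T03:10:00 WS-117 antivirus UNINSTALLED actor=localadmin
2007-01-19T04:00:00 DC01 security LOGON_SUCCESS account=jsmith src=WS-042
"""

# Accounts that deserve extra scrutiny (assumed names; configure for your domain).
PRIVILEGED_ACCOUNTS = {"administrator", "domainadmin"}
# This many lockouts from one source host overnight looks like guessing, not fat fingers.
LOCKOUT_BURST_THRESHOLD = 3

# event -> (severity, what the reviewer should do with it)
RULES = {
    "UPDATE_FAILED": ("medium", "AV signatures not current; verify the update path"),
    "SCAN_FAILED": ("medium", "AV scan did not complete; confirm the endpoint is still protected"),
    "SERVICE_STOPPED": ("high", "AV stopped; confirm this was an authorised change"),
    "UNINSTALLED": ("high", "AV removed; treat as possible tampering until explained"),
    "ACCOUNT_LOCKOUT": ("low", "lockout; confirm it was user error"),
    "CONFIG_CHANGE": ("medium", "configuration changed overnight; match it to a change record"),
    "SERVICE_RESTART": ("medium", "service restarted; check for a crash or tampering"),
}
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


def parse_line(line):
    """Split one log line into a dict; trailing key=value details become fields."""
    ts, host, source, event, *details = line.split()
    rec = {"ts": ts, "host": host, "source": source, "event": event}
    for kv in details:
        key, _, value = kv.partition("=")
        rec[key] = value
    return rec


def triage(log_text):
    """Return findings sorted by severity; lockouts of privileged accounts and
    lockout bursts from a single source host are escalated to high."""
    records = [parse_line(ln) for ln in log_text.splitlines() if ln.strip()]
    findings = []
    lockouts_by_src = Counter()
    for rec in records:
        rule = RULES.get(rec["event"])
        if rule is None:
            continue  # routine event (e.g. a successful logon); not on the daily list
        severity, note = rule
        if rec["event"] == "ACCOUNT_LOCKOUT":
            lockouts_by_src[rec.get("src", "?")] += 1
            if rec.get("account", "").lower() in PRIVILEGED_ACCOUNTS:
                severity, note = "high", "privileged account locked out; rule out a breach attempt"
        findings.append({"severity": severity, "host": rec["host"],
                         "event": rec["event"], "note": note, "record": rec})
    # Several lockouts from the same source in one night are not human error.
    for src, n in lockouts_by_src.items():
        if n >= LOCKOUT_BURST_THRESHOLD:
            findings.append({"severity": "high", "host": src, "event": "LOCKOUT_BURST",
                             "note": f"{n} lockouts originated from {src}; check that host",
                             "record": {}})
    findings.sort(key=lambda f: SEVERITY_ORDER[f["severity"]])  # stable: input order kept within a tier
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['host']:7} {f['event']:16} {f['note']}")
```

The point of the burst counter is the one the article makes about lockouts: a single locked account is almost always a user, but three accounts locked from the same workstation within a minute is a pattern worth a phone call, and the administrator account being one of them moves it to the top of the list regardless.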

"Check more logs: Take an in-depth look at IDS and firewall logs. Who on the Internet is knocking on your door? What are they looking for? Who on the inside of your network is doing something they shouldn't be? If you find unauthorized and/or illegal activity, report it immediately, and take action to stop it." [I'd add: look for NEW events from your IDSs that were never seen before]
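As an added example (again not code from the article or from the author of this post), the following script does the three things the paragraph asks of IDS and firewall logs: it lists IDS signatures that have never fired before by comparing tonight's events against a baseline of known signature IDs, it ranks the external sources being denied most often ("who is knocking"), and it lists internal hosts connecting outbound on ports they should not be using ("who inside shouldn't"). The IDS and firewall line formats, the sample lines, the internal address range and the disallowed-port policy are constructed assumptions; the baseline would normally be persisted between days rather than held in a set.

```python
"""Never-seen-before IDS events and a daily firewall summary.

Added example for this post (not from the article or the author). Assumed,
constructed line layouts:
    IDS:      <timestamp> <sensor> <signature_id> <src_ip> <dst_ip>
    firewall: <timestamp> <action> <src_ip> <dst_ip> <dst_port>
"""
from collections import Counter
import ipaddress

# Constructed: signature ids seen on prior days (the "already known" baseline).
KNOWN_SIGNATURES = {"1001", "1002", "2003"}

# Constructed sample IDS lines for one night.
IDS_LOG = """\
2007-01-19T00:10:00 ids1 1001 203.0.113.5 192.0.2.10
2007-01-19T00:12:00 ids1 2003 203.0.113.5 192.0.2.10
2007-01-19T00:40:00 ids1 4711 198.51.100.7 192.0.2.20
2007-01-19T01:05:00 ids2 4711 198.51.100.7 192.0.2.21
2007-01-19T02:00:00 ids1 1002 10.0.0.55 192.0.2.10
2007-01-19T02:30:00 ids2 5100 10.0.0.55 198.51.100.200
"""

# Constructed sample firewall lines for the same night.
FIREWALL_LOG = """\
2007-01-19T00:01:00 DENY 203.0.113.5 192.0.2.10 22
2007-01-19T00:01:01 DENY 203.0.113.5 192.0.2.10 23
2007-01-19T00:01:02 DENY 203.0.113.5 192.0.2.10 445
2007-01-19T00:05:00 DENY 198.51.100.7 192.0.2.20 1433
2007-01-19T00:06:00 ALLOW 10.0.0.55 198.51.100.200 6667
2007-01-19T00:07:00 ALLOW 10.0.0.12 198.51.100.50 80
"""

# Internal address space (assumption: 10/8 here; set to your own ranges).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
# Outbound destination ports internal hosts have no business using (assumed policy).
DISALLOWED_OUTBOUND_PORTS = {6667}


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def new_ids_events(ids_text, known):
    """Return {signature_id: [(sensor, src, dst), ...]} for signatures not in the baseline."""
    new = {}
    for line in ids_text.splitlines():
        if not line.strip():
            continue
        _ts, sensor, sig, src, dst = line.split()
        if sig not in known:
            new.setdefault(sig, []).append((sensor, src, dst))
    return new


def update_baseline(known, ids_text):
    """Return the baseline extended with tonight's signatures, for tomorrow's run
    (call this only after the new ones have actually been reviewed)."""
    tonight = {line.split()[2] for line in ids_text.splitlines() if line.strip()}
    return set(known) | tonight


def firewall_summary(fw_text):
    """Top external sources being denied, and internal hosts allowed out on disallowed ports."""
    knocking = Counter()
    inside_violations = []
    for line in fw_text.splitlines():
        if not line.strip():
            continue
        _ts, action, src, dst, port = line.split()
        if action == "DENY" and not is_internal(src):
            knocking[src] += 1
        if action == "ALLOW" and is_internal(src) and int(port) in DISALLOWED_OUTBOUND_PORTS:
            inside_violations.append((src, dst, int(port)))
    return knocking.most_common(), inside_violations


if __name__ == "__main__":
    for sig, hits in new_ids_events(IDS_LOG, KNOWN_SIGNATURES).items():
        print(f"NEW signature {sig}: {len(hits)} hit(s), first from {hits[0][1]}")
    knocking, violations = firewall_summary(FIREWALL_LOG)
    print("external sources denied most:", knocking[:3])
    print("internal hosts on disallowed ports:", violations)
    print("baseline for tomorrow:", sorted(update_baseline(KNOWN_SIGNATURES, IDS_LOG)))
```

The "never seen before" check is deliberately dumb: it does not try to judge whether a signature matters, only whether it is new to this environment, which is exactly the kind of event a reviewer who has stared at the same daily top-ten for months will otherwise skip past. Feeding the reviewed signatures back into the baseline keeps tomorrow's list short.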

Of course, if you happen to own a log management system, doing the above tasks would be a breeze :-)


Dr Anton Chuvakin