Would you know if you had been hacked ?

It would be fair to say that many companies assume they have secure systems because they implement strict security measures.
The problem is how do we know that our security is working. Does never getting hit by a virus mean that our anti-virus software is
doing it's job or have we just been lucky ?
It usually takes an incident to focus awareness on system or procedural failings. The benefits of regular Penetration Tests are well understood in the industry, however taking more time to frequesntly examine and understand log files will pinpoint areas of concern a lot sooner if they are being exploited.

The problem with log files typically falls into a few categories.

1) The number of devices which require management.
2) The quality and retention period of the logs produces.
3) Undestanding the meaning of the files themselves.

Even the simplest of networks will have one or more servers, a firewall, a router and wireless access points to name a few.

Firstly enable logging on each device, be familiar with the options for logging on these devices and make an effort to understand the logs. In medium to large networks consider implementing centralised logging such as syslog or a proprietory system.

I will focus more on log files and options in further posts. If you have any questions or related input please leave a comment.

Comments

Post a Comment

Popular posts from this blog

configuring the zmodo ZP-IBi-13W camera to work with Blue Iris Software.

Image
Off topic.......configuring the zmodo ZP-IBi-13W camera to work with Blue Iris Software. Many people have had issues getting these cameras to display video in any other sotware except the supplied z-viewer.  Here is how I got it working with the Blue Iris Software.  The settings may work with other software but have not been tested. Pre-Requisites First set the camera up using the instructions with the camera using zviewer and zsight software. You will need to find the cameras wireless ip address.   If possible set this statically by connecting to the cameras IP address using internet explorer.   .. http://ip-of-camera.. .   Note it does not work with Firefox of chrome. Once working you need to install Blue Iris Software on a machine which can contact the cameras.   Usually this will be sitting on the same network but it will work over a router network providing   the required ports are allowed Blue Iris Installation Load up the Blue Iris Software and Add a new camer
Read more

Apple MAC Fake Virus Alert

Similar to the windows fake AV alerts, MAC users have now been targeted with a fake AV scam. After visiting an infected site, the software scans the users hard disk and reports on viruses found. Users are then given the opportunity to purchase remedial AV software, thus parting with credit card information. The trick here is that is can masqurade as the legitimate MAC Defender application making the users less suspicious about the warnings. Apple Mac users have been adviced to disable a setting in the Safari browser that allows "safe" files to be automatically installed. Full details on removing and preventing this malware can be found here. Apple MAC Malware Removal
Read more

Fortinet releases 5.6 FortiOS for Fortigate but Analyzer users should not upgrade yet.

The new release of FortiOS has been around for several weeks now, however many users are realising that they cannot continue to use their FortiAnalyzer running the 5.4 code.  It needs to be upgraded to 5.6 on the Analyzer as well. One problem is that we are still waiting for 5.6 for FAZ.  Therefore people are downgrading. In all fairness the FAZ compatibility guide is quite clear but why release one without the other.
Read more