Tuesday, April 17, 2012

One Hour A Day Keeps Intrusions Away

In the IT field everyone is busy and forgets to check the security of the infrastructure. By spending roughly one hour a day, IT or security administrators can prevent intrusions, or at least detect them before it is too late.

All you need are the reports generated by the security tools already in place: antivirus, proxy, content filter, intrusion prevention system, and so on. The same goes for firewalls; if no logging and reporting tool is in place, Splunk (free edition) or OSSIM (open source) can be used to generate the required reports.

In addition to the reports, you should subscribe to one or more security alert feeds and newsletters.

So how can we spend that hour a day? Simply do the following:
  1. Based on antivirus reports
    1. Review the top 5 infected computers
    2. Review the top 5 virus infections
  2. Based on IPS/IDS reports
    1. Review the top 5 sources of attacks
    2. Review the top 5 targets of attacks
  3. Based on proxy or content-filtering reports
    1. Review the top 5 visited web sites
    2. Review web links visited during non-working hours or at weekends
    3. Review suspicious web links
  4. Based on firewall logs
    1. Review the top 5 blocked ports
    2. Review the top 5 blocked internal IP addresses
    3. Review the external ports (TCP/UDP) that were accessed
  5. Search pastebin.com for posted information about your organization
  6. Search zone-h.org for defacements of your web servers that you were not aware of
  7. Review the security newsletters and alerts
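As an added example (this is not code from the original post), the following Python script produces the proxy and firewall views from items 3 and 4 above out of a handful of constructed log lines. The two log formats, the working hours (08:00 to 18:00, Monday to Friday) and the simple "suspicious link" heuristic (bare IP address as host, or a download with an executable extension) are assumptions made for the illustration; in practice the parsing step is replaced by whatever report Splunk, OSSIM or the device itself exports.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime
from urllib.parse import urlparse

# Constructed firewall log lines (assumed format, not a real vendor format):
# "<timestamp> <ALLOW|DENY> <src_ip>:<src_port> -> <dst_ip>:<dst_port>/<proto>"
FIREWALL_LOG = """\
2012-04-16T09:12:01 DENY 10.0.0.15:51234 -> 203.0.113.7:445/tcp
2012-04-16T09:12:05 DENY 10.0.0.15:51235 -> 203.0.113.8:445/tcp
2012-04-16T09:12:09 DENY 10.0.0.15:51236 -> 203.0.113.9:445/tcp
2012-04-16T10:03:44 ALLOW 10.0.0.22:51001 -> 198.51.100.3:443/tcp
2012-04-16T10:04:10 ALLOW 10.0.0.22:51002 -> 198.51.100.3:80/tcp
2012-04-16T11:20:31 DENY 10.0.0.31:40000 -> 203.0.113.7:23/tcp
2012-04-16T11:21:00 DENY 10.0.0.31:40001 -> 203.0.113.7:3389/tcp
2012-04-16T12:00:00 ALLOW 10.0.0.40:53001 -> 198.51.100.53:53/udp
2012-04-16T23:45:12 ALLOW 10.0.0.15:51300 -> 203.0.113.99:6667/tcp
"""

# Constructed proxy log lines (assumed format): "<timestamp> <client_ip> <url>"
PROXY_LOG = """\
2012-04-16T09:30:00 10.0.0.22 http://intranet.example.internal/
2012-04-16T09:31:12 10.0.0.22 http://www.example.com/news
2012-04-16T13:05:40 10.0.0.40 http://www.example.com/news
2012-04-16T13:06:02 10.0.0.40 http://www.example.com/
2012-04-14T02:15:10 10.0.0.15 http://203.0.113.99/update.exe
2012-04-16T22:10:00 10.0.0.15 http://203.0.113.99/check.php
2012-04-17T07:59:59 10.0.0.31 http://www.example.org/
"""

WORK_START, WORK_END = 8, 18        # assumed working hours, 08:00-18:00 local
WORK_DAYS = range(0, 5)             # Monday..Friday
SUSPICIOUS_EXT = (".exe", ".scr", ".bat", ".vbs")   # assumed heuristic list

FW_RE = re.compile(r"^(\S+) (ALLOW|DENY) (\S+):(\d+) -> (\S+):(\d+)/(tcp|udp)$")


def parse_firewall(text):
    """Parse the assumed firewall format; lines that do not match are skipped."""
    records = []
    for line in text.splitlines():
        m = FW_RE.match(line)
        if not m:
            continue
        ts, action, src, _sport, dst, dport, proto = m.groups()
        records.append({"ts": datetime.fromisoformat(ts), "action": action,
                        "src": src, "dst": dst, "dport": int(dport), "proto": proto})
    return records


def parse_proxy(text):
    """Parse the assumed proxy format: timestamp, client IP, URL."""
    records = []
    for line in text.splitlines():
        parts = line.split(" ", 2)
        if len(parts) != 3:
            continue
        ts, client, url = parts
        records.append({"ts": datetime.fromisoformat(ts), "client": client, "url": url})
    return records


def top_n(values, n=5):
    """Count occurrences and return the n most common as (value, count) pairs."""
    return Counter(values).most_common(n)


def top_blocked_ports(fw, n=5):
    return top_n([f"{r['dport']}/{r['proto']}" for r in fw if r["action"] == "DENY"], n)


def top_blocked_internal_ips(fw, n=5):
    return top_n([r["src"] for r in fw if r["action"] == "DENY"], n)


def external_ports_accessed(fw):
    """Distinct (port, proto) pairs that were allowed outbound, sorted by port."""
    return sorted({(r["dport"], r["proto"]) for r in fw if r["action"] == "ALLOW"})


def top_sites(proxy, n=5):
    return top_n([urlparse(r["url"]).hostname for r in proxy], n)


def is_off_hours(ts):
    """True on weekends or outside the assumed working hours."""
    return ts.weekday() not in WORK_DAYS or not (WORK_START <= ts.hour < WORK_END)


def off_hours_visits(proxy):
    return [(r["ts"].isoformat(), r["client"], r["url"]) for r in proxy if is_off_hours(r["ts"])]


def is_suspicious(url):
    """Heuristic: host is a bare IP address, or the path ends in an executable extension."""
    u = urlparse(url)
    try:
        ipaddress.ip_address(u.hostname or "")
        bare_ip = True
    except ValueError:
        bare_ip = False
    return bare_ip or u.path.lower().endswith(SUSPICIOUS_EXT)


def suspicious_links(proxy):
    """Unique suspicious URLs in first-seen order."""
    seen = []
    for r in proxy:
        if is_suspicious(r["url"]) and r["url"] not in seen:
            seen.append(r["url"])
    return seen


def daily_review(fw_text=FIREWALL_LOG, proxy_text=PROXY_LOG):
    """Build the daily review sections from the two log sources."""
    fw, px = parse_firewall(fw_text), parse_proxy(proxy_text)
    return {"top_blocked_ports": top_blocked_ports(fw),
            "top_blocked_internal_ips": top_blocked_internal_ips(fw),
            "external_ports_accessed": external_ports_accessed(fw),
            "top_sites": top_sites(px),
            "off_hours_visits": off_hours_visits(px),
            "suspicious_links": suspicious_links(px)}


if __name__ == "__main__":
    for section, rows in daily_review().items():
        print(section)
        for row in rows:
            print("   ", row)
```

On the constructed data the review already tells a story worth an hour: 10.0.0.15 is the top blocked source (three denied attempts to port 445), it is also the host that connected out to 6667/tcp late at night, and it is the client behind both suspicious links, one of them at 02:15 on a Saturday. That cross-correlation between the firewall and proxy sections is the point of looking at all of the reports together rather than one at a time.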
Soon I will add more details about what to look for and how to identify possible or potential intrusions or weaknesses.

