Some last minute issues apparently have arisen, so I’m holding out my complete release of the bulletin until I’m assured customers have been notified.
Customers have access to the bulletin, but I don’t think the vendor has officially notified the customers — and who regularly logs in to their vendor portal? So, I’d like to push back a bit on my release.
Stay tuned.
Information/outline for a discussion during a class I taught — will be expanded as time permits.
1. Security
   a. Patching
      i. Nessus (http://www.nessus.org)
      ii. WSUS (http://technet.microsoft.com/en-us/wsus/default.aspx)
      iii. MBSA (http://www.microsoft.com/technet/security/tools/mbsahome.mspx)
   b. Antivirus
      i. Log / alert to an email
      ii. Definitions up to date?
      iii. Engine up to date?
   c. Physical Security
      i. Control access to the server room
      ii. Locked door / locked cabinet
   d. Websites
      i. http://isc.sans.org
      ii. http://www.securityfocus.com
2. Disaster Recovery
   a. Do you have a plan?
      i. Regular backups
      ii. Offsite storage
      iii. Full over differential over incremental
      iv. Offsite software storage (OS CDs, app CDs, serial numbers, etc.)
      v. Testing the process
      vi. List of where to buy new hardware, tapes, tape drive, etc., stored offsite
3. Things to Review Regularly
   a. Server drive space
   b. Error logs
   c. AV definitions / functionality / logs
   d. Patches / vulnerability scanning
   e. Backup / restore
   f. Documentation!
4. Troubleshooting
   a. How to:
      i. Understand how things work
      ii. Know what’s normal and what’s not
      iii. Check the logs first for more information
      iv. Use your resources
         1. RTFM
         2. Google
         3. Coworkers
         4. Friends
      v. The logical process
         1. Examine the evidence
         2. Determine what might be a cause
         3. Determine a valid test, and test
I wrote an article for a friend’s website: http://www.adminprep.com. The article is here.
It covers manually reassembling the packets in a packet capture back into the original file — i.e. locating the data payloads of a .gif, .zip, .mov, etc., and converting them back into a complete working file from the captured packets.
Kinda cool. I wanted to explore and understand sniffers better, so this was a good and enjoyable exercise.
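For readers who want to see the same idea done programmatically, here is an added example; it is not the article's code and not from the original post. It builds a small constructed pcap (an IPv4/TCP flow carrying a stand-in .gif, captured out of order, with one retransmitted segment and an unrelated request mixed in), then parses the pcap, groups segments by flow, orders them by sequence number, discards retransmitted bytes, and hands back the file. Addresses, ports, the sequence numbers and the file contents are all constructed; real captures also need IPv6, sequence-number wraparound and the opposite direction of the conversation, which this skips.

```python
import socket
import struct

# --- constructed sample data (not a real capture) ----------------------------
SAMPLE_FILE = b"GIF89a" + bytes(range(256)) + b"\x3b"   # stand-in for a .gif payload
SERVER, CLIENT = "10.0.0.9", "10.0.0.5"                # constructed addresses
FLOW = (SERVER, CLIENT, 80, 40000)                     # server -> client carries the file
ISN = 1000                                             # arbitrary initial sequence number


def tcp_frame(src, dst, sport, dport, seq, payload):
    """Build an Ethernet/IPv4/TCP frame. Checksums are left zero: the frame only
    ever goes into a pcap file, never to a real network stack."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 0, 0,
                     64, 6, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + tcp + payload


def pcap_bytes(frames):
    """Wrap frames in a classic little-endian pcap file (link type 1 = Ethernet)."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for i, frame in enumerate(frames):
        out.append(struct.pack("<IIII", 1_000_000 + i, 0, len(frame), len(frame)))
        out.append(frame)
    return b"".join(out)


def sample_capture():
    """SAMPLE_FILE split into three segments, captured out of order, with one
    retransmission and the client's request mixed in."""
    chunks = [SAMPLE_FILE[i:i + 100] for i in range(0, len(SAMPLE_FILE), 100)]
    segs, seq = [], ISN
    for c in chunks:
        segs.append(tcp_frame(*FLOW, seq, c))
        seq += len(c)
    request = tcp_frame(CLIENT, SERVER, 40000, 80, 500, b"GET /logo.gif HTTP/1.0\r\n\r\n")
    return pcap_bytes([request, segs[1], segs[0], segs[0], segs[2]])


# --- the reassembly itself ---------------------------------------------------
def iter_frames(data):
    """Yield the captured bytes of each record in a little-endian pcap file."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic != 0xA1B2C3D4:
        raise ValueError("only little-endian microsecond pcap is handled here")
    off = 24
    while off + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack_from("<IIII", data, off)
        off += 16
        yield data[off:off + incl_len]
        off += incl_len


def tcp_segment(frame):
    """Return (src, dst, sport, dport, seq, payload), or None if not IPv4/TCP."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack_from("!H", ip, 2)[0]
    if ip[9] != 6:                                   # IP protocol 6 = TCP
        return None
    tcp = ip[ihl:total_len]                          # total_len trims Ethernet padding
    sport, dport, seq = struct.unpack_from("!HHI", tcp, 0)
    data_off = (tcp[12] >> 4) * 4
    return (socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20]),
            sport, dport, seq, tcp[data_off:])


def reassemble(data):
    """Rebuild every unidirectional TCP payload stream, keyed by (src, dst, sport,
    dport). Segments are ordered by sequence number and retransmitted bytes are
    dropped; a hole in the sequence space raises instead of being glued over,
    because the recovered file would be corrupt anyway."""
    by_flow = {}
    for frame in iter_frames(data):
        seg = tcp_segment(frame)
        if seg and seg[5]:                           # skip pure ACKs / other protocols
            by_flow.setdefault(seg[:4], []).append((seg[4], seg[5]))
    streams = {}
    for flow, segs in by_flow.items():
        segs.sort(key=lambda s: s[0])
        buf, expect = bytearray(), segs[0][0]
        for seq, payload in segs:
            if seq + len(payload) <= expect:
                continue                             # full retransmission, already have it
            if seq < expect:
                payload, seq = payload[expect - seq:], expect   # keep only the new tail
            if seq > expect:
                raise ValueError(f"gap in {flow}: expected seq {expect}, got {seq}")
            buf += payload
            expect = seq + len(payload)
        streams[flow] = bytes(buf)
    return streams


def recovered_gif():
    """Pull the server->client stream out of the constructed capture and check the
    GIF signature before treating the bytes as a file."""
    data = reassemble(sample_capture())[FLOW]
    if not data.startswith(b"GIF8"):
        raise ValueError("stream does not look like a GIF")
    return data


if __name__ == "__main__":
    with open("recovered.gif", "wb") as f:
        f.write(recovered_gif())
```

The manual procedure in the article is exactly what `reassemble` automates: find the right flow, put the payloads in sequence-number order, throw away the duplicates, and check the file signature at the front of the result.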
Check ‘em out — all yours, all free, in the links section.
These templates allow you to generate reports which show only holes, or only warnings, or holes & warnings, by host, and by vulnerability. Much better, in my opinion. If you can’t find the link: http://www.aznetworksecurity.com/nessus_xsl.zip
These should be copied into (and over) the report_styles folder in a Windows install, and can be used on their own in Linux (afaik) as well.
Thanks to those that helped along the way. Please provide suggestions/tweaks, and let me know if you have any problems.
I have seen, on a very, very large (20MB+) XML file, an inability to create the report. Odd, because it worked just fine if you select just holes, or just warnings, or the entire thing — but “Holes & Warnings” failed… go figure. If you have any ideas, holler.
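As an added example (not the XSL templates linked above, and not from the original post), here is the same hole/warning filtering and by-host / by-vulnerability grouping done in Python with a streaming parser, which is one way round the large-file failure described above: an XSLT processor has to hold the whole 20MB document in memory, whereas `iterparse` handles one `<result>` at a time and discards it. The sample report is constructed, and its element names and the hole/warning/note severity labels are a simplified stand-in for the Nessus XML format of the day, not its real schema; adapt the tag names to the actual output.

```python
import io
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample report (not real scanner output). Tag names and severity
# labels are assumptions for this example, not the real Nessus schema.
SAMPLE_REPORT = b"""<report>
  <result><host>10.0.0.5</host><port>445/tcp</port><severity>hole</severity>
    <plugin>C-1</plugin><name>Constructed finding: writable share</name></result>
  <result><host>10.0.0.5</host><port>80/tcp</port><severity>warning</severity>
    <plugin>C-2</plugin><name>Constructed finding: banner reveals version</name></result>
  <result><host>10.0.0.5</host><port>22/tcp</port><severity>note</severity>
    <plugin>C-3</plugin><name>Constructed finding: service detected</name></result>
  <result><host>10.0.0.7</host><port>445/tcp</port><severity>hole</severity>
    <plugin>C-1</plugin><name>Constructed finding: writable share</name></result>
  <result><host>10.0.0.7</host><port>80/tcp</port><severity>warning</severity>
    <plugin>C-2</plugin><name>Constructed finding: banner reveals version</name></result>
</report>"""

FIELDS = ("host", "port", "severity", "plugin", "name")


def iter_results(source, severities):
    """Stream <result> elements from a file-like object, yield only the wanted
    severities, and clear each element afterwards so memory use stays flat
    regardless of report size."""
    wanted = set(severities)
    for _, elem in ET.iterparse(source, events=("end",)):
        if elem.tag != "result":
            continue
        rec = {k: (elem.findtext(k) or "").strip() for k in FIELDS}
        elem.clear()
        if rec["severity"] in wanted:
            yield rec


def report(source, severities, by):
    """Group the selected findings by 'host' or by 'plugin' (i.e. by vulnerability)
    and return a plain-text report."""
    groups = defaultdict(list)
    for rec in iter_results(source, severities):
        groups[rec[by]].append(rec)
    lines = []
    for key in sorted(groups):
        lines.append(key if by == "host" else f"{key}  {groups[key][0]['name']}")
        for rec in sorted(groups[key], key=lambda r: (r["severity"], r["host"], r["port"])):
            detail = ((rec["severity"], rec["port"], rec["name"]) if by == "host"
                      else (rec["severity"], rec["host"], rec["port"]))
            lines.append("    " + "  ".join(detail))
    return "\n".join(lines)


def holes_and_warnings_by_host():
    """The 'Holes & Warnings, by host' view over the constructed report."""
    return report(io.BytesIO(SAMPLE_REPORT), ("hole", "warning"), "host")


def holes_by_plugin():
    """The 'holes only, by vulnerability' view over the constructed report."""
    return report(io.BytesIO(SAMPLE_REPORT), ("hole",), "plugin")


if __name__ == "__main__":
    print(holes_and_warnings_by_host())
    print()
    print(holes_by_plugin())
```

To run it over a real report, pass `open("report.xml", "rb")` instead of the `BytesIO` wrapper; nothing else changes, and the file is never loaded whole.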
Thx
Just getting this up and running (again) and hope to have more content here soon. Working on adding Nessus XSL templates, the current main impetus for getting this going again...
Thanks for checking in!