Upgrading our file integrity monitoring solution using open source…

Protecting more than one server

Yesterday I published a quick blog which looked at what we could do an out of the box Windows server to monitor file integrity and audit/alert upon actions such as modify or deletes. This is however rather clunks and not really for business use, so next stop the open source world! Today we are going to look at OSSEC! Now before some people go mad about security and open source…. OSSEC is used in Alien Vault’s solution, is compliant with PCI and is used worldwide by loads of organisations and universities etc. Open source tools and security go hand in hand, stop with your crazy talk! Now we’ve got that rant over with let’s get onto the fun business!

OSSEC is an open source host intrusion detection solution which we can use to upgrade our auditing and alerting solution to be more feature rich and provide a centralised solution, for more info on OSSEC please visit their website – https://www.ossec.net/ Read more “Upgrading our file integrity monitoring solution using open source technologies – Part 1” →

Defense

How to audit sensitive file changes using out of…

Defending critical assets

In the wake the of the British Airways breach I thought I would shed some light on a technique to help detect and alert (help respond) to events that may affect critical business processes by modifying critical or sensitive files. We are going to start with a simple scenario using out of the box tools.

Auditing Critical Files

Windows Server comes with a number of security features including object access auditing, in this post we are going to take a brief look at enabling monitoring of sensitive data files. The example we are going to use are monitoring for changed to the web.config file used my .net web applications.

To start with in our example machine, we are going to need to enable audit object access either using local policy or preferably group policy (it should be noted you need to think about log volume, collection and retention/rotation). Read more “How to audit sensitive file changes using out of the box Windows Tools” →

Breach

British Airways breach

Not what you want to see when you’ve just paid for a holiday!

As reported across major news networks over the world, British Airways has suffered a data breach that not only includes customer data but also includes payment details. Details from 380,000 customers have been accessed by an unauthorised third party. More details can be found on news sites such as:

https://www.theregister.co.uk/2018/09/06/british_airways_hacked/

https://www.bbc.com/news/uk-england-london-45440850

It’s likely that attackers have compromised a web service which is linked to payment services, however no specific details have been released yet so until then we can only speculate.

In this post we look at the information reported by British Airways, guidance for customers from BA, ourselves and NCSC but also we discuss the steps business’s should be taking to ensure they have a strong security posture, especially where customer data is concerned. Read more “British Airways breach” →

Guides

My OSCP Diary – Week 1

A long time ago in a more civilised age

I’ve been working on the technology industry for the last 17 years, planning, designing, building and operating solutions since I was able to access the internet. I’ve been working the last 10 years as a consultant architect (across a number of domains) working with clients to understand their businesses, their technology needs, current deployments, gaps, road map and create solutions to enable their businesses, but you can’t do that if you introduce risks to businesses by creating unnecessary and unwanted security risks.

I’ve delivered services directly for and as part of a supply chain for a large range of organisation verticals from global media organisations, logistic firms, retail, telecommunications, media & entertainment through to local authorities, central government agencies, armed forces and the metropolitan police. Read more “My OSCP Diary – Week 1” →

Defense

How to write a bad password policy!

The authentication dilemma

I’ve worked with a lot of organisations over the years and seen lots of ways of doing certain things. Policy implementation is one of those! I’m in a fortunate position where I get to see different people’s policy documents, their systemic implementations and even interview staff to see how these work on the ground. So, I thought I’d write about password policies!

Humans like to be efficient and people also struggle to deal with the huge volume of identify management and authentication solutions they are presented with. Just think, how many passwords are required in everyday life?

Multiple 4-digit PIN codes for debit and credit cards etc.
Online banking sign in credentials (more PINS)
Gym padlock PIN combo (usually 4 characters)
Passwords for home computer
PIN code or password for mobile phone access
Passwords of phrases for telephone services e.g. to access your mobile phone account services
Social media credentials

The list goes on and on! Then let’s add in corporate IT services….

Anyone who’s worked in an office will have seen familiar sites of the following:

Password on post it notes
Password shared with colleagues
Password sellotaped to keyboard (either on top or underneath)
Passwords shouted across the office
Passwords written down on white boards