The Ethical Hacker Network - security ops checklists

Latest Additions

Who's Online

cb122

Newbie

Offline

Posts: 20

security ops checklists

« on: January 28, 2013, 06:45:37 AM »

I know this site is packed full of experts in the art of pen testing and ethical hacking, but due to your security expertise I was wondering if you can help point me in the direction of some sort of security operations checklist. I.e. the day to day maintenance and monitoring tasks required to maintain acceptable levels of security on your internal host systems. Microsoft has started publishing operations frameworks for many of their server products, i.e. if we take the Active Directory domain services document, it lists numerous routine security “tasks”, such as:

• Review the Remote Access Service account access policy, and update it to meet security policies.
• Review User account properties, and update the Remote Desktop group to meet security policies.
• Remove locked-out, disabled, or expired accounts.
• Ensure that the most restrictive permissions are applied (shares)
• Remove shared folders that are no longer required.
• Verify and ensure that NTFS file system permissions are set appropriately on all shared folders and content in shared folders.

So there is some information I can obtain from here. But if you have ever had any role in security ops as opposed to pen testing, I wondered if you have any input you can share. I am looking at this from a risk assessment perspective, to see if they are doing such tasks, but I was struggling to find anything comprehensive. So any guidance or links to such documentation most welcome. But any sort of essential security operations lists be it daily, weekly, monthly etc would be a great help.

Many Thanks


	Logged

ajohnson

Recruiters
Hero Member

Offline

Posts: 1057

aka dynamik

Re: security ops checklists

« Reply #1 on: January 28, 2013, 07:47:27 AM »

https://benchmarks.cisecurity.org/downloads/multiform/index.cfm and http://csrc.nist.gov/publications/PubsSPs.html should get you started.


	Logged

WIP: GCFA | www.infosiege.net | @infosiege

The day you stop learning is the day you start becoming obsolete.

cb122

Newbie

Offline

Posts: 20

Re: security ops checklists

« Reply #2 on: January 28, 2013, 10:25:21 AM »

Quote from: ajohnson on January 28, 2013, 07:47:27 AM

https://benchmarks.cisecurity.org/downloads/multiform/index.cfm and http://csrc.nist.gov/publications/PubsSPs.html should get you started.

Thanks for the link. If you have senior management serious abaout security where you work, or for your clients, do they ever ask for any specific security metrics to gauge how well they are doing? If yes which specific metrics do you use/produce?


	Logged

lorddicranius

Sr. Member

Offline

Posts: 447

Re: security ops checklists

« Reply #3 on: January 28, 2013, 11:13:25 AM »

SANS 20 critical security controls is another good document to reference: http://www.sans.org/critical-security-controls/

Each control shown there explains the what and why, implementation methods, automation, metrics, etc.


	Logged

GSEC, eCPPT, Sec+

ajohnson

Recruiters
Hero Member

Offline

Posts: 1057

aka dynamik

Re: security ops checklists

« Reply #4 on: January 28, 2013, 10:28:45 PM »

I personally haven't done a great deal with metrics. This is a good read though: http://www.amazon.com/Security-Metrics-Replacing-Uncertainty-Doubt/dp/0321349989/ref=sr_1_1?ie=UTF8&qid=1359433535&sr=8-1&keywords=security+metrics

I would review your risk assessments and policies in order to get an idea of which metrics may be meaningful to you.


	Logged

WIP: GCFA | www.infosiege.net | @infosiege

The day you stop learning is the day you start becoming obsolete.

Pages: [1] Go Up

« previous next »

Exclusive Deal

SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters

5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013

Recent Forum Topics

EH-Net News Feeds

Latest Additions