security ops checklists

Viewing 4 reply threads
  • Author
    Posts
    • #8178
      cb122
      Participant

      I know this site is packed full of experts in the art of pen testing and ethical hacking, but due to your security expertise I was wondering if you can help point me in the direction of some sort of security operations checklist. I.e. the day to day maintenance and monitoring tasks required to maintain acceptable levels of security on your internal host systems. Microsoft has started publishing operations frameworks for many of their server products, i.e. if we take the Active Directory domain services document, it lists numerous routine security “tasks”, such as:

      • Review the Remote Access Service account access policy, and update it to meet security policies.
      • Review User account properties, and update the Remote Desktop group to meet security policies.
      • Remove locked-out, disabled, or expired accounts.
      • Ensure that the most restrictive permissions are applied (shares)
      • Remove shared folders that are no longer required.
      • Verify and ensure that NTFS file system permissions are set appropriately on all shared folders and content in shared folders.

      So there is some information I can obtain from here. But if you have ever had any role in security ops as opposed to pen testing, I wondered if you have any input you can share. I am looking at this from a risk assessment perspective, to see if they are doing such tasks, but I was struggling to find anything comprehensive. So any guidance or links to such documentation most welcome. But any sort of essential security operations lists be it daily, weekly, monthly etc would be a great help.

      Many Thanks

    • #51698
      dynamik
      Participant
    • #51699
      cb122
      Participant

      @ajohnson wrote:

      https://benchmarks.cisecurity.org/downloads/multiform/index.cfm and http://csrc.nist.gov/publications/PubsSPs.html should get you started.

      Thanks for the link. If you have senior management serious abaout security where you work, or for your clients, do they ever ask for any specific security metrics to gauge how well they are doing? If yes which specific metrics do you use/produce?

    • #51700
      lorddicranius
      Participant

      SANS 20 critical security controls is another good document to reference: http://www.sans.org/critical-security-controls/

      Each control shown there explains the what and why, implementation methods, automation, metrics, etc.

    • #51701
      dynamik
      Participant

      I personally haven’t done a great deal with metrics. This is a good read though: http://www.amazon.com/Security-Metrics-Replacing-Uncertainty-Doubt/dp/0321349989/ref=sr_1_1?ie=UTF8&qid=1359433535&sr=8-1&keywords=security+metrics

      I would review your risk assessments and policies in order to get an idea of which metrics may be meaningful to you.

Viewing 4 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2021 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?