In previous articles we gave some introductory material on how to get started with the Assimilation software for security. In this article, we go into more depth and suggest a good way to improve your security by spending a half-day with the Assimilation software. We cover setting up email alerts for security changes, fixing your security issues, and setting up the Assimilation software on more systems.
Securing your systems is a daunting task – it feels like eating an elephant. When compared to hardening guidelines like the DISA/NIST STIGs, a single out-of-the-box system can have a hundred or more issues. When you multiply that by a large number of systems, despair and paralysis can easily set in. This article (fifteen minutes to better security) is the first in a series which outlines a process for efficiently measuring, triaging, and managing your journey towards a better security posture for your servers.
No matter your threat model, you need to understand what you have (“know yourself”). We help you begin this journey with activities which will teach you a surprising amount about your current status and the work ahead of you in 15 minutes. This article is not designed to teach you about security – I assume you know why you want to secure your servers, and have general background on system hardening.
Although the phrase “a picture is worth a thousand words” is a bit trite, it’s true. With 70% of our sensory data coming from vision, and having brains that are good at visual pattern recognition, humans are better at processing visualizations than we are at poring over numerous different text data sources. In this blog post, we’ll explore an attack surface visualization we’ve put together to help you better understand and manage server security.
S.M.A.R.T. goals are a good idea when setting goals for yourself, or for your company. In this article I discuss how to make your operational and security IT alerting more effective and less noisy by creating SMART alerting – Specific, Measurable, Actionable, Relevant and Timely. We explore the idea that alerts for both cybersecurity and operational issues should be SMART alerts: alerts that make sure you fix the things that need fixing and don’t waste resources when acting on noisy alerts.
If you manage, secure, or plan for IT environments or DevOps, we’d love for you to take our System Management survey. Right now, we’re busy planning how to make the Assimilation Suite better in 2016. Your responses will be a huge help in giving us a sharp focus on how best to improve IT management for you and others in the IT community. If you can help us out, we’ll send you a small token of our appreciation.
Keeping track of servers in a large organization is a daunting task, and one which many organizations don’t do well – sometimes with grave consequences. There are lots of reasons why systems get “lost”. If you can keep track of your servers, you can decrease your chances of an intruder getting in by 30%. In this article, we’ll look at what happens when you lose servers, and some of the ways people lose servers.
Although Linux systems are by and large more secure than many other systems, they still need to be administered intelligently. Stupid configurations often lead to unfortunate results. According to Akamai: “As the number of Linux environments has grown, the potential opportunity and rewards for criminals has also grown”. As part of the IT best practices project, I’ve recently added a rule which disallows password authentication over ssh. This blog post explains this, and why people who manage Linux systems should care.
The three pillars of IT security are confidentiality, integrity, and availability. Most of the press coverage is all about confidentiality – at least until an airline or two or three has trouble with availability ;-). Of course, availability is also a key dimension of server management with significant operational dimensions. Those of you who know me know I have deep expertise in availability. Unsurprisingly, in this post, I’m going to concentrate on availability – and the necessity of monitoring everything, and knowing that you’re monitoring everything.
Last weekend, I had the honor of giving the opening keynote on Friday at the 2015 Ohio LinuxFest and a session presentation on the Assimilation project the next day. Both talks were very well-received, but the reception the Assimilation project talk received from the standing-room audience was extraordinary. So it seems good to give a summary of the talk and why I think it resonated so strongly with them.
In lots of ways, the most dangerous attack any enterprise sustains comes one way or another through “social engineering”. The reason why this works so well is that it’s mainly an application of social skills – the kind people use every day to work together and get things done. Like any tool, skill, or weapon, it can be used for good or for evil.
This came to mind when I was recounting a story from years ago to my friend Emily Ratliff – and she laughed and said “that’s social engineering” – and I suppose she’s right. So this week, I’ll tell the story of my tiny bit of social engineering that snagged me a cool book.