
Do you remember your "first love"?

Published: 2014-10-28
Last Updated: 2014-10-28 03:05:10 UTC
by Russell Eubanks (Version: 1)

I will never forget the name of my first server - Rachel. I was very proud to be the person whose job it was to defend Rachel from all types of disruption. To this day I still remember each IP address, user account, service account and application. When patches were installed, I manually verified they had been applied successfully. I diligently reviewed the logs and configured full auditing to let me know the success and failure of just about everything. 

I have administered many servers since Rachel, but do not remember as much about them as I do about my "first love". Consider this an invitation to fall back in love with your servers. An invitation to return to the time when you did everything possible to defend them. It may be possible that by returning to the diligence you once had, many problems and outages could be avoided.

How can you do this? Actively measuring how well you manage, secure and maintain your servers can very well be the catalyst you need to return to your "first love". Consider creating and sending yourself a daily report that clearly shows their current security posture. What are good candidates for this report? I am glad you asked. Some of my favorites include the following.

  • Mean time to detect a network scan
  • Mean time to identify a new administrator account
  • Mean time to identify a new service running (or not running anymore)
     

There are certainly many metrics you could track. Pick a few and diligently check them every day for the next month. You'll be glad you did! 
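One way to compute these metrics for a daily report, as an added example that is not part of the original diary. The event records, account names and addresses are constructed, and it assumes you record both when an event occurred (from logs) and when you identified it.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data: (metric, item, occurred, identified or None).
# "occurred" would come from your logs; "identified" is when you noticed it.
EVENTS = [
    ("network scan", "scan from 192.0.2.10", "2014-10-27 01:00", "2014-10-27 01:30"),
    ("network scan", "scan from 198.51.100.7", "2014-10-27 09:00", "2014-10-27 10:30"),
    ("new administrator account", "svc_backup2", "2014-10-27 02:00", "2014-10-27 08:00"),
    ("new administrator account", "helpdesk9", "2014-10-27 20:00", None),
    ("new or stopped service", "telnet started on rachel", "2014-10-27 12:00", "2014-10-27 12:20"),
]
FMT = "%Y-%m-%d %H:%M"

def summarize(events, report_time):
    """Return {metric: {"mean": timedelta or None, "closed": n, "open": [(item, age)]}}."""
    durations = defaultdict(list)
    still_open = defaultdict(list)
    for metric, item, occurred, identified in events:
        start = datetime.strptime(occurred, FMT)
        if identified is None:
            # Not yet noticed: report its age instead of letting it vanish from the mean.
            still_open[metric].append((item, report_time - start))
        else:
            durations[metric].append(datetime.strptime(identified, FMT) - start)
    summary = {}
    for metric in sorted(set(durations) | set(still_open)):
        times = durations[metric]
        avg = sum(times, timedelta()) / len(times) if times else None
        summary[metric] = {"mean": avg, "closed": len(times), "open": still_open[metric]}
    return summary

def render(summary):
    """Format the summary as the plain-text body of a daily report."""
    lines = []
    for metric, s in summary.items():
        mean_txt = str(s["mean"]) if s["mean"] is not None else "n/a"
        lines.append(f"Mean time to identify {metric}: {mean_txt} ({s['closed']} identified)")
        for item, age in s["open"]:
            lines.append(f"  STILL UNIDENTIFIED: {item}, age {age}")
    return "\n".join(lines)

if __name__ == "__main__":
    print(render(summarize(EVENTS, datetime(2014, 10, 28, 3, 0))))
```

Items that nobody has identified yet are listed with their age rather than dropped, since leaving them out would make the mean look better than the real posture.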

Feel free to use our comment page to let us know what you are doing to remember your “first love”.

 

 

Russell Eubanks

@russelleubanks
