Checking your protection
Following up on Mari's earlier post about "Surviving a third party audit", here's one more pointer: If you've ever been on the receiving end of an audit, you probably found out that the core competency of an auditor seems to be in comparing two lists: Accounts in AD with the leaver list from HR. Implemented authorization with approved authorization. Issued patches with installed patches. Basic stuff all in all, and in the eyes of many techies, proof that the auditor doesn't have a clue how to find the real risks.
Well, maybe. But it is up to us all to raise the bar. Recently, in an audit at a third party site, I found that they were carefully patching their Unix systems, and had been doing so for years - good! But nobody ever thought of comparing the list of "Servers known to the patching tool" with "servers on the network". Consequence: Two dozen of their servers never got any patches. And nobody noticed - their lovely "status dashboard" turned "green" as soon as the patching tool reported "completion". Written up for things like these, an auditee usually gets annoyed with the auditor - but really should be annoyed at himself: Nobody should need an auditor to find obvious gaps like this one.
When was the last time you checked that all your systems have an up-to-date anti-virus without relying on what the anti-virus software's "management console" tells you? Start with just comparing the server names from the anti-virus console with those from, for example, Active Directory. Match? Then take it to the next level: query with some other tool (SMS/SCCM, WMIC, scripts, etc.) to collect the version of the pattern file installed across all systems. Still a match?
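One way to script both comparisons, as an added example that is not part of the original post. The three CSV layouts, the host names and the 7-day freshness threshold are assumptions, and the sample data is constructed; matching on the lower-cased short host name assumes short names are unique in your environment.

```python
import csv
import io
from datetime import date

# Constructed sample data: directory export, AV console export, and
# pattern-file dates collected by a separate tool or script.
AD_EXPORT = """name
SRV-APP01.corp.example
srv-db02.corp.example
SRV-WEB03
srv-file04.corp.example
"""
AV_CONSOLE = """host
srv-app01
SRV-DB02.corp.example
srv-old99
"""
COLLECTED = """host,pattern_date
srv-app01,2024-05-20
srv-db02,2024-04-02
srv-web03,2024-05-20
"""

def norm(name):
    """Comparable key: trimmed, lower-case, short name without the domain."""
    return name.strip().lower().split(".")[0]

def load(text, column):
    """Map normalized host name -> CSV row, skipping blank names."""
    rows = csv.DictReader(io.StringIO(text))
    return {norm(r[column]): r for r in rows if r[column].strip()}

def reconcile(ad_text, console_text, collected_text, today, max_age_days=7):
    ad = load(ad_text, "name")
    console = load(console_text, "host")
    seen = load(collected_text, "host")
    def age(host):
        return (today - date.fromisoformat(seen[host]["pattern_date"])).days
    return {
        "missing_from_console": sorted(ad.keys() - console.keys()),
        "unknown_to_ad": sorted(console.keys() - ad.keys()),
        # In AD, but the independent query returned nothing for the host.
        "unverified": sorted(ad.keys() - seen.keys()),
        "stale_pattern": sorted(h for h in ad.keys() & seen.keys()
                                if age(h) > max_age_days),
    }

if __name__ == "__main__":
    report = reconcile(AD_EXPORT, AV_CONSOLE, COLLECTED, date(2024, 5, 21))
    for finding, hosts in report.items():
        print(f"{finding}: {', '.join(hosts) or 'none'}")
```

Every non-empty list is a gap that the console's own dashboard would not show; an empty report means the lists match.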
To check your protection, compare two lists every now and then. It ain't that hard - even an auditor can do it :).