dean.white | 2 Sep 02:16 2008

Re: RE: Is Microsoft ISA approved for US government use?

Microsoft Internet Security and Acceleration Server 2004 – Enterprise Edition – Service Pack 2 –
Version 4.0.3443.594 is evaluated to EAL4+. 

A few important things to remember when using products from the CC are:

1> The device MUST be deployed and managed exactly as per the evaluated configuration, so in this case it has
to be Microsoft Internet Security and Acceleration Server 2004 – Enterprise Edition – Service Pack 2 –
Version 4.0.3443.594 (patch versions, configuration, even features). If the device cannot be
installed, deployed and managed as per the evaluated CC target, then a risk assessment has to be performed
which assesses how the changes affect the environment and what controls you are going to implement to
mitigate the exposure of not using the device in its evaluated configuration. This is even the case if MS
bring out patches for the application, and especially so when you are going to use a different version of
the application. (Any other version of the application, even minor patches, service packs etc., means that
the device is no longer in the evaluated configuration.)

2> On many platforms, only certain features are evaluated. For example, on some devices, the firewall
component may be certified but not the VPN component. You should read through the Target of Evaluation
documents and the Certification report to determine what parts of the MS ISA server are certified. So
using MS ISA server as an IDS may not be an evaluated feature.

Regards
Dean White
Principal
Oneguard Consulting

phion wong | 2 Sep 05:10 2008

Experiences and feedback on anti-DDOS solution

Hi all,

I am tasked with evaluating the current anti-DDOS solution on the
market. I am looking for feedback from people who have used the
following anti-ddos solution:

Arbor Peakflow
ISS Network Anomaly Detection System
Cisco Traffic Anomaly Detectors and Cisco Guard

Any problems faced while using them? How efficient are their anti-ddos
capabilities? If you have used any other solutions (other than the
various IPS, we are not really looking at IPS currently), please do
recommend.

Thanks and regards,

ॐ aditya mukadam ॐ | 1 Sep 07:24 2008

Security Auditing ?

Hello !

First of all, thanks everyone for sharing knowledge ! Also, sorry for
a very broad question below.

As per industry standards/job market :-) , which certifications should a
Security Auditor have? Or which certifications are recommended
to be a Security Auditor?

I understand that certification is not everything; however, relevant
experience is also needed. Which are the recommended areas in
which a Security Auditor should have experience? Network
Security, Pen test etc.?

Thanks,
Aditya Govind Mukadam

cnanne | 2 Sep 18:37 2008

Data loss Protection

I am looking into data loss protection.  Two of the candidates I am looking into are Vericept and Vontu.  If
someone could get me some pro's and con's of why get one or the other that would be great.

cheers

PhoenixRbrth

Mark Teicher | 2 Sep 21:10 2008

Re: Data loss Protection

Are you sure about Vontu? They were acquired by Symantec a while back.
Data Loss Protection has many different definitions.

Are you concerned about documents leaving your environment via
electronic communications?

Are you concerned about documents leaving your environment via physical means?

Are you concerned about documents leaving your environment through a
rogue wireless access point?

Do you have a document classification policy?

Do you have an enforceable document classification policy?

Or are you just looking to spend money to satisfy a 'pointy-haired
manager's' recent viewing of a news story regarding data loss
protection?

On 2 Sep 2008 16:37:03 -0000, cnanne <at> gmail.com <cnanne <at> gmail.com> wrote:
> I am looking into data loss protection.  Two of the candidates I am looking
> into are Vericept and Vontu.  If someone could get me some pro's and con's
> of why get one or the other that would be great.
>
> cheers
>
> PhoenixRbrth
>


Adam Pal | 3 Sep 09:13 2008

Re: Security Auditing ?

Hi 

That depends from company to company and from department to department. You can have a look
at ISACA to get an idea of what fields they focus on during the certification.
Personally I don't think that an auditor should also be a pentester, that's 2 different fields imho. Sure,
pentesting is also a kind of auditing, but mostly, or in industry areas, audits are related to standard
compliance, i.e. ISO27001. A pentest can be, as mentioned before, a part of the whole audit, but for me the
focus is the comparison with the standards.
Now you can say that you mean security auditing and not standards auditing; well, this is a point where we
will have to go deeper, define what each of us understands under "security", define your requirements, and
then we will eventually obtain a specification of "security auditing".

I hope I was able to help you a little

regards,
Adam Pal

-------- Original Message --------
> Date: Mon, 1 Sep 2008 20:34:31 -0600
> From: aditya.mukadam <at> gmail.com
> To: security-basics <at> securityfocus.com
> Subject: Security Auditing ?

> Hello !
> 
> First of all, thanks everyone for sharing knowledge ! Also, sorry for a
> very broad question below.
> 
> As per industry standards/job market :-) ,  Security Auditor should have
> which certifications ? or , which certifications are recommended

Steve West | 3 Sep 04:52 2008

Binary file on server changed

Hi,

We utilize the flite (http://www.speech.cs.cmu.edu/flite/doc/flite_4.html)
sound synthesizer for the visually impaired, and this morning our file
integrity security notified me that the flite binary changed size and hashes:

Integrity checksum changed for: '/usr/bin/flite'
Size changed from '3017621' to '3020173'
Old md5sum was: '135af20d9209a9e0d5673cf0b057787d'
New md5sum is : '9da45771718daa5d7e75154812ce7912'
Old sha1sum was: '83339dbaa19f27bae01f9cd6b8cde537cf2a294b'
New sha1sum is : 'be0cbb2acec3c3c1c23846253830689f9a4a3e22'

Is there any way to see what changed in the flite.org and flite.new below:

flite.org: http://www.yousendit.com/download/bVlETkFwbWc1bmhFQlE9PQ
flite.new: http://www.yousendit.com/download/bVlETkFtRStwTVUwTVE9PQ

I'm wondering if the binary file was somehow compromised?

thx,

SW
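One way to answer "what changed" between two copies of a binary, as an added example that is not part of the original post: compute the same size/MD5/SHA-1 fields the integrity monitor reported, then trim the common prefix and suffix of the two images to find the offset and content of the region that actually differs. The flite.org/flite.new files are not available here, so constructed sample bytes stand in for them.

```python
import hashlib


def digests(data: bytes) -> dict:
    """Size, MD5 and SHA-1, the fields the integrity monitor reported."""
    return {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
    }


def locate_change(old: bytes, new: bytes) -> tuple[int, int, int]:
    """Strip the longest common prefix and suffix; returns (prefix_len,
    old_end, new_end) so that old[prefix_len:old_end] and new[prefix_len:new_end]
    are the bytes that actually differ (one span, even if edits are scattered)."""
    n = min(len(old), len(new))
    p = 0
    while p < n and old[p] == new[p]:
        p += 1
    s = 0
    while s < n - p and old[len(old) - 1 - s] == new[len(new) - 1 - s]:
        s += 1
    return p, len(old) - s, len(new) - s


def compare(old: bytes, new: bytes) -> dict:
    """Size delta, hashes, and offset plus contents of the differing region."""
    p, old_end, new_end = locate_change(old, new)
    return {
        "old": digests(old),
        "new": digests(new),
        "size_delta": len(new) - len(old),
        "offset": p,
        "old_bytes": old[p:old_end],
        "new_bytes": new[p:new_end],
    }


# Constructed sample in place of flite.org / flite.new (not available here):
# a fake ELF-like header, padding, and one rewritten string past offset 100.
OLD_IMAGE = b"\x7fELF" + b"A" * 100 + b"flite original" + b"B" * 100
NEW_IMAGE = b"\x7fELF" + b"A" * 100 + b"flite modified, extra bytes" + b"B" * 100

if __name__ == "__main__":
    report = compare(OLD_IMAGE, NEW_IMAGE)
    print(f"size delta {report['size_delta']:+d} bytes, change at offset {report['offset']}")
    print(f"old: {report['old_bytes']!r}")
    print(f"new: {report['new_bytes']!r}")
```

Knowing where the bytes changed does not say why; the reference to check the new hash against is the checksum your package manager recorded for the file it installed, and whether a package update ran at the time the monitor fired.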

Daniel Miessler | 3 Sep 16:41 2008

The Definitions of Security and Risk

What follows is an argument for my preferred definition of Security
(and risk). First I will give the link to the original article,
located on my website, which is formatted nicely.

http://dmiessler.com/blog/my-preferred-definition-of-security

And below is the article itself, in plain text.

--

There is much debate in the information security world regarding the
proper definition of security. I have seen dozens of definitions over
the years, but I feel the following option most completely and
succinctly captures it.

"The process of maintaining an acceptable level of perceived risk."

There are a few things I like about this definition.
1. PROCESS, i.e. it doesn't end.
2. ACCEPTABLE. This alludes to the fact that the organization's upper
management decides, based on the entity's goals as a whole, how much
risk to take on. The crucial piece here is that this isn't for
security professionals to decide.
3. PERCEIVED. In short, "you don't know what you don't know". And this
is where security professionals come in. Their entire job is to ensure
that management is making informed decisions.

Risk

As we all know, it's not a good idea to use words with disputed

Spence, H J | 3 Sep 21:47 2008

AVPN vs MPLS WAN

I am looking for a comparison of AVPN and MPLS for a security
assessment. Does anyone have any experience with assessing AVPN in a Sec
audit?

Specifically: 

What is AVPN?

What does the AVPN product add to MPLS?

Is it end to end encrypted like VPN?

Thanks

James

