admini – Page 178 – CyberSecurity Institute

Log management in the age of compliance

Posted on July 16, 2007December 30, 2021 by admini

While many criticize FISMA for being all documentation and no action, the law simply emphasizes the need for each federal agency to develop, document and implement an organizationwide program to secure the information systems that support its operations and assets. NIST SP 800-53, Recommended Security Controls for Federal Information Systems, describes log management controls including the generation, review, protection and retention of audit records, plus steps to take in the event of audit failure. It describes the need for log management in federal agencies and ways to establish and maintain successful and efficient log management infrastructures — including log generation, analysis, storage and monitoring.

NIST 800-92 discusses the importance of analyzing different kinds of logs from different sources and of clearly defining specific roles and responsibilities of those teams and individuals involved in log management.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) outlines relevant security standards for health information.

NIST SP 800-66, An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act Security Rule, details log management requirements for the securing of electronic protected health information.

The Payment Card Industry Data Security Standard (PCI-DSS), which applies to organizations that handle credit card transactions, mandates logging specific details and log review procedures to prevent credit card fraud, hacking and other related problems in companies that store, process or transmit credit card data.

Logs, which by nature allow for tracking IT infrastructure activity, are the best way to assess if, how, when and where a data breach has occurred. The major effect the age of compliance has had on log management is to turn it into a requirement rather than just a recommendation, and this change is certainly to the advantage of any organization subject to these regulations. It is easy to see why log collection and management is important, and the explicit inclusion of log management activities in major regulations like FISMA, HIPAA and PCI-DSS highlights how key it truly is to enterprise security as well as broader risk management needs.

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9027080

Financial Institutions Warned New Fast Phishing Kit Found

Posted on July 13, 2007December 30, 2021 by admini

Gaffan noted when the RSA Anti Fraud Command Center (AFCC) found the new type of phishing kit they found it is actually a single file which creates an entire phishing site on a compromised server when “double-clicked” on, similar to “.exe” installation files.

This is a change from traditional phishing sites that usually include various files which are installed on a compromised server where the attack is hosted. The convenience of creating phishing attacks with the “plug-and-play” phishing kit has no impact on how these attacks are detected and mitigated. “The others who were attacked, were payment oriented sites, or have access to customer credentials,” he noted.

The trends RSA sees in the type of bank or credit union being attacked, Gaffan noted is the further penetration to smaller, regional banks and credit unions. They are now targeting small credit unions, with smaller pools of members and getting a small percentage of bites, Gaffan explained. One reason for the phishers moving down the scale is that the larger institutions are better prepared for takedown and countermeasures. Another type of phishing hitting regional banks and credit unions is “spear phishing,” Gaffan said. The phisher’s chance of getting a high hit rate is based on people feel more secure banking at a smaller institution, Gaffan explained.

http://www.bankinfosecurity.com/articles.php?art_id=499

Users: Encryption No Silver Bullet

Posted on June 27, 2007December 30, 2021 by admini

U.S. Trust’s Axelrod would not reveal what forms of endpoint security he uses within his organization, although he explained his back-end storage philosophy. “I believe in data restriction,” he said, explaining that his primary requirement “is to get rid of it as soon as it becomes obsolete.” “We have a branch of the military that we’re working with — they have a 15-character minimum password and you have to change the last 10 characters every 90 days,” said Kevin Gillis, vice president of secure file transfer at vendor Ipswitch.

Other users at the event cited the challenges posed by removable media and laptops, something that’s become a major headache for IT managers and CIOs.

A number of vendors, including SanDisk, Lexar, and Seagate, are currently touting solutions, designed to lock down data on laptops and USB drives, which is quickly catching on with IT managers and CIOs.

In a show of hands at another of today’s panel discussions, around a quarter of the 20-plus audience members confirmed that they are encrypting their laptop hard drives.

http://www.darkreading.com/document.asp?doc_id=127750&WT.svl=news1_2

Security Fears Slow Virtualization

Posted on June 23, 2007December 30, 2021 by admini

Among the respondents to the emedia survey, the chief security concerns were about virtualization patching and updates (32 percent), guest-to-guest attacks (27 percent), and the addition of new host software (22 percent).

IT professionals plan to attack these threats by taking various safety measures, including staff training/improving understanding (51 percent), patching/updating/hardening servers (38 percent), using firewalls (30 percent), and separating networks/subnetting/routing (25 percent).

http://www.darkreading.com/document.asp?doc_id=127420&WT.svl=news1_2

Online Attacks Increase at Financial Institutions

Posted on June 23, 2007December 30, 2021 by admini

For the last year RSA’s Anti Fraud Command Center has seen attacks moving progressively downward, particular targets are the federal credit unions, and smaller, regional institutions. The fraudsters, said Hinrichsen, are accomplishing their collection of information through spear phishing. He noted that the Internal Revenue Service was one of the first government agencies to be attacked. “At the end of the day, where ever there is a valuable credential, the fraudsters will go after it.”

Hinrichsen noted that the use of crimeware, like the Man-in-The-Middle phishing kit that RSA researchers first discovered in January continues to be used, “there is greater use of multi redirectors in phishing attempts. “It depends on what research you’re reading, consumers aren’t always know to look for the locks, but for the percent of internet users who do look for the lock, the attack is given that much more credibility,” he explained. “This is basically the same type of phishing attack of old, but now instead of using static attack pages, the phishers are replacing those with the real website pages from the institution.”

http://www.bankinfosecurity.com/articles.php?art_id=475

Securing the ‘Company Jewels’

Posted on June 22, 2007December 30, 2021 by admini

The problem, Oltsik says, is that although enterprises are mostly satisfied that they are keeping their IP safe, they are mostly dissatisfied with the amount of time and effort they have to expend to do it. “The bad guys want to steal what they can sell, and often, that’s a company’s IP.”

As a result, upcoming spending on intellectual property security will probably be geared toward automating the IP discovery, classification, and protection processes, Oltsik suggests.

http://www.darkreading.com/document.asp?doc_id=127306&WT.svl=news1_4