Virtualization, Security and Compliance... Can they exist together?

Friday, December 05, 2008 10:13:01 PM UTC
by Brennen Reynolds
There is no doubt that virtualization is the hot trend right now. Many companies are beginning the transformation of virtualizing their infrastructure or are in the planning stages to do so. Virtualization has many benefits but it also has some hidden costs and pitfalls many organizations don’t consider when adopting it. I wanted to touch on two issues which don’t seem to be widely known or understood with respect to virtualization: security and compliance.

Security Event Log Forwarding on Windows 2008 servers

Monday, December 01, 2008 11:26:28 PM UTC
by Daniel de Carvalho
The use of a centralized log server has often been highlighted in many of today’s security best practices. The constant need to collect, retain and protect these sensitive security event log files sometimes overwhelms security and systems administrators, especially in large corporate environments. When properly configured, security event logs are used to track user activity and access on specific systems or objects, and are a key element when trying to piece together the chain of events leading to a security incident. Many security administrators might know how cumbersome it is to manage such security event log files, and sometimes seek third party vendors to help them manage their security log files. The truth is that many of these problems can be solved using native features of your server operating system.
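The teaser above does not name the native feature it has in mind. The walkthrough below is an added example, not code from the original post, and assumes the feature is Windows Event Forwarding (the WinRM listener plus the Windows Event Collector service), which ships with Windows Server 2008. The collector hostname LOGSRV01.example.com, the subscription name SecurityLogs and the chosen event IDs are illustrative; the commands, the subscription XML schema and the policy registry path are the real ones.

```powershell
# --- On the collector (assumed name: LOGSRV01) ---
winrm quickconfig -q      # enable the WinRM HTTP listener (TCP 5985)
wecutil qc /q             # configure and start the Windows Event Collector service

# Source-initiated subscription: each server pushes matching Security events
# to the collector, so no credentials for the sources are stored here.
$subscription = @"
<Subscription xmlns="http://schemas.microsoft.com/2006/03/windows/events/subscription">
  <SubscriptionId>SecurityLogs</SubscriptionId>
  <SubscriptionType>SourceInitiated</SubscriptionType>
  <Description>Security log from domain member servers (illustrative)</Description>
  <Enabled>true</Enabled>
  <Uri>http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog</Uri>
  <ConfigurationMode>MinLatency</ConfigurationMode>
  <Query><![CDATA[
    <QueryList>
      <Query Id="0" Path="Security">
        <Select Path="Security">*[System[(EventID=4624 or EventID=4625 or EventID=4672 or EventID=1102)]]</Select>
      </Query>
    </QueryList>
  ]]></Query>
  <ReadExistingEvents>false</ReadExistingEvents>
  <TransportName>HTTP</TransportName>
  <ContentFormat>RenderedText</ContentFormat>
  <Locale Language="en-US"/>
  <LogFile>ForwardedEvents</LogFile>
  <AllowedSourceDomainComputers>O:NSG:NSD:(A;;GA;;;DC)</AllowedSourceDomainComputers>
</Subscription>
"@
# Event IDs: 4624/4625 logon success/failure, 4672 special privileges assigned,
# 1102 audit log cleared. The SDDL allows any member of Domain Computers to push.
Set-Content -Path .\SecurityLogs.xml -Value $subscription -Encoding UTF8
wecutil cs .\SecurityLogs.xml

# --- On each source server ---
winrm quickconfig -q
# The WinRM service runs as NETWORK SERVICE, which cannot read the Security log
# by default; Event Log Readers grants that read access.
net localgroup "Event Log Readers" "NT AUTHORITY\NETWORK SERVICE" /add

# Tell the source where its subscription manager is. The supported way is Group
# Policy: Computer Configuration > Administrative Templates > Windows Components >
# Event Forwarding > Configure target Subscription Manager. The registry value
# below is what that policy writes; shown here so a single host can be tested.
$key = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\EventLog\EventForwarding\SubscriptionManager"
New-Item -Path $key -Force | Out-Null
Set-ItemProperty -Path $key -Name "1" `
  -Value "Server=http://LOGSRV01.example.com:5985/wsman/SubscriptionManager/WEC,Refresh=60"
gpupdate /force

# --- Checks, back on the collector ---
wecutil gs SecurityLogs   # subscription definition as stored
wecutil gr SecurityLogs   # runtime status: every source should show as Active
wevtutil qe ForwardedEvents /c:5 /rd:true /f:text   # newest five forwarded events
```

Two practical caveats: forwarded events land in the collector's ForwardedEvents log, which has its own size and retention settings and should be sized for the combined volume of all sources; and HTTP here means Kerberos-authenticated, encrypted WS-Management traffic between domain members, not clear text, so the plain-HTTP transport is acceptable inside a domain while HTTPS is the option for non-domain sources.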

PCI DSS 1.2 – What’s New?

Wednesday, November 19, 2008 12:28:32 AM UTC
by Brennen Reynolds
The PCI Data Security Standard (DSS) has just undergone a refresh. The PCI Security Standards Council released version 1.2 of the DSS on October 1, 2008. The new version must be used by all organizations who begin a new PCI assessment after October 1st. If your organization is currently undergoing an assessment you have until December 31, 2008 to complete it using the previous 1.1 version of the standard. So what changed between 1.1 and 1.2? The following list highlights the major changes in the new standard.

Top Ten Security Requirements for Enterprise Applications

Sunday, October 26, 2008 10:18:45 PM UTC
by Ray Zadjmool
With the rise in focus on security there has emerged a set of security requirements that enterprise software vendors must consider or else they run the risk of watching their sales pipeline come to a screeching halt. The following are ten "must have" requirements that I have come across while doing some proof of concepts:

Making the Case for PABP

Friday, January 18, 2008 6:02:36 AM UTC
by Ray Zadjmool
Companies that have already had to contend with the security regulations of Visa’s CISP, MasterCard’s SDP, American Express’ DSOP and Discover’s DISC, before they were bundled together as PCI DSS, may have witnessed widespread rolling of the eyes among managers at the unveiling of Payment Application Best Practices (PABP). Just what they need – another spoonful of alphabet soup to further complicate their lives.

Sync Me Up Scotty!

Thursday, August 16, 2007 3:12:02 PM UTC
by Jason Pittman
A former work colleague phoned me the other day and asked for some advice regarding NTP. Here's a quick overview of the problem he faced and what I have done in the past to move forward in this type of situation.

The Texas thing with PCI....

Tuesday, July 24, 2007 1:27:46 AM UTC
by Ray Zadjmool
So it seems that a lot of the assessors are excited about the fact that compulsory compliance is being considered in Texas.

Logging - Meaningful or Meaningless?

Saturday, July 14, 2007 2:45:31 PM UTC
by Jason Pittman
Section 10.2 of PCI DSS requires “…implementation of audit trails for all system components”. Sections 10.2.1 through 10.2.7 detail what specific actions need to be covered in the audit trail. Naturally, the first thing that caught my attention here are the System Object requirements, being specifically “creation and deletion of system level objects”. My reaction during both reviewing these specifications and also during implementation of the necessary technical controls has been: how does requiring logging in this fashion actually help detect an intrusion? Is the PCI DSS approach sound from a business perspective? Is it sound from an applied science perspective?

Process Monitor

Sunday, June 17, 2007 6:15:45 AM UTC
by Ray Zadjmool
One of the best tools for doing a system examination is ProcMon (formerly Filemon) by Sysinternals (now owned by Microsoft). If you haven't used it before then you don't know what you are missing.

Phasers to Full

Thursday, May 17, 2007 2:12:13 PM UTC
by Jason Pittman
My friend and former colleague called me again. He was grateful to have an active and operational NTP architecture; however, he had now encountered a slight issue.

File Integrity Monitoring and PCI DSS 1.1

Friday, May 11, 2007 10:10:42 PM UTC
by Ray Zadjmool
I made an interesting observation today that seems to have gone under the radar regarding file integrity monitoring and the Data Security Standard. There is a change to requirement 11.5.