Customizing and Enhancing Splunk

Saturday, December 20, 2008 8:43:29 PM UTC
by Brennen Reynolds
So what is Splunk? At its core Splunk is a search engine. It was designed to allow any data from an infrastructure device to be indexed and searched. Any output from applications, servers and network devices can be "eaten" by Splunk. However, Splunk has become more than just a standalone product. The current 3.x series of the product has opened up the internal API and exposed it to allow outside development of new applications on top of the Splunk core. This post is going to touch on some of the capabilities available to developers looking to get even more out of their Splunk installation. I am going to discuss two elements of Splunk that a user can customize and enhance in the current product release: Splunk UI customization and RESTful applications.

Virtualization, Security and Compliance... Can they exist together?

Friday, December 05, 2008 10:13:01 PM UTC
by Brennen Reynolds
There is no doubt that virtualization is the hot trend right now. Many companies are beginning the transformation of virtualizing their infrastructure or are in the planning stages to do so. Virtualization has many benefits but it also has some hidden costs and pitfalls many organizations don’t consider when adopting it. I wanted to touch on two issues which don’t seem to be widely known or understood with respect to virtualization: security and compliance.

Building a Security Tool Chest - Part 3 - Web App Testing Tools

Thursday, December 04, 2008 10:22:40 PM UTC
by Brennen Reynolds
Web application testing tools are a dime a dozen these days. This post is a short list and description of the tools my colleagues and I use during our web app testing engagements. There are many more tools, both freeware and commercial, that can be used to assist in testing.

10 steps to harden Windows Server 2008

Tuesday, December 02, 2008 7:45:36 PM UTC
by Daniel de Carvalho
Ever since its debut, Microsoft Windows Server 2008 has awed security and systems administrators with its complex and innovative features. With threats becoming more imminent and efficient each day, security and systems administrators face the tedious task of protecting Microsoft's new giant. In this article we compiled some of the industry's best practices, such as those published by NIST, to show you some of the features and ways to reduce your Windows Server 2008 systems' exposure.

Security Event Log Forwarding on Windows 2008 servers

Monday, December 01, 2008 11:26:28 PM UTC
by Daniel de Carvalho
The use of a centralized log server has often been highlighted in many of today's security best practices. The constant need to collect, retain and protect these sensitive security event log files sometimes overwhelms security and systems administrators, especially in large corporate environments. When properly configured, security event logs are used to track user activity and access on specific systems or objects, and they are a key element when trying to piece together the chain of events leading to a security incident. Many security administrators know how cumbersome it is to manage such security event log files, and sometimes seek third-party vendors to help them manage them. The truth is that many of these problems can be solved using native features of your server operating system.
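As an added illustration of the "native features" mentioned above (this is example configuration written for this page, not taken from the original post), the following PowerShell session sets up source-initiated Windows Event Forwarding using only the built-in winrm and wecutil tools: a collector creates a subscription for logon success and failure events, and each source server is pointed at the collector. The collector host name wec01.corp.example, the subscription name Security-Logons and the chosen event IDs are assumptions; adjust them for your environment.

```powershell
# Added example (not from the original post): source-initiated Windows Event
# Forwarding with built-in tooling only. Host name, subscription name and the
# event IDs below are assumptions for illustration.

# --- On the collector (run as Administrator) ---
# Enable the WinRM listener and configure the Windows Event Collector service.
winrm quickconfig -q
wecutil qc /q

# Subscription: sources push logon success/failure and privileged-logon
# events into the collector's ForwardedEvents log. Source-initiated mode means
# the collector holds no credentials for the member servers; they connect to it.
$subscription = @'
<Subscription xmlns="http://schemas.microsoft.com/2004/06/wec">
  <SubscriptionId>Security-Logons</SubscriptionId>
  <SubscriptionType>SourceInitiated</SubscriptionType>
  <Description>Logon success, failure and special-privilege events from domain servers</Description>
  <Enabled>true</Enabled>
  <ConfigurationMode>Custom</ConfigurationMode>
  <Delivery Mode="Push">
    <Batching><MaxLatencyTime>30000</MaxLatencyTime></Batching>
    <PushSettings><Heartbeat Interval="3600000"/></PushSettings>
  </Delivery>
  <Query><![CDATA[
    <QueryList>
      <Query Id="0" Path="Security">
        <Select Path="Security">*[System[(EventID=4624 or EventID=4625 or EventID=4672)]]</Select>
      </Query>
    </QueryList>
  ]]></Query>
  <ReadExistingEvents>false</ReadExistingEvents>
  <TransportName>HTTP</TransportName>
  <ContentFormat>RenderedText</ContentFormat>
  <Locale Language="en-US"/>
  <LogFile>ForwardedEvents</LogFile>
  <!-- SDDL granting Domain Computers (DC) the right to forward to this subscription -->
  <AllowedSourceDomainComputers>O:NSG:NSD:(A;;GA;;;DC)</AllowedSourceDomainComputers>
</Subscription>
'@
Set-Content -Path "$env:TEMP\Security-Logons.xml" -Value $subscription
wecutil cs "$env:TEMP\Security-Logons.xml"

# --- On each source server ---
# Point the forwarder at the collector. In a domain this is normally set via
# Group Policy (Computer Configuration > Administrative Templates > Windows
# Components > Event Forwarding > Configure target Subscription Manager);
# the registry write below is the single-machine equivalent of that policy.
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\EventLog\EventForwarding\SubscriptionManager'
New-Item -Path $key -Force | Out-Null
Set-ItemProperty -Path $key -Name '1' `
    -Value 'Server=http://wec01.corp.example:5985/wsman/SubscriptionManager/WEC,Refresh=60'

# The Security log is readable only by Administrators by default, while the
# forwarder runs as NETWORK SERVICE; grant it read access via Event Log Readers.
net localgroup "Event Log Readers" "NT AUTHORITY\NETWORK SERVICE" /add
winrm quickconfig -q
gpupdate /force

# --- Verify on the collector ---
wecutil gr Security-Logons                      # per-source runtime status (Active / Inactive)
wevtutil qe ForwardedEvents /c:5 /rd:true /f:text   # newest five forwarded events
```

Two caveats a practitioner will hit: the HTTP transport on port 5985 is Kerberos-authenticated and encrypted at the WS-Management layer inside a domain, so plaintext is not the concern it appears to be, but non-domain sources need the HTTPS listener and certificate mapping instead; and the collector's ForwardedEvents log should be sized (wevtutil sl ForwardedEvents /ms:...) and itself forwarded or archived, because a collector that silently overwrites its oldest events defeats the retention goal the post describes.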

Installing Splunk Part 2 of 5

Friday, November 21, 2008 7:18:16 PM UTC
by Jason Pieters
This is the second part of the installation of the operating system for a Splunk deployment. The first portion of the installation got us through the longest part of the process. We have our partitions in place and are ready to move on to the next steps and finish the installation.

Installing Splunk Part 1 of 5

Friday, November 21, 2008 4:40:38 PM UTC
by Jason Pieters
For the purpose of this blog series I am going to go through installing the operating system for Splunk. The operating system that I have chosen is SUSE Linux Enterprise 10. My goal in this blog series is to provide a step-by-step installation and configuration guide. While you will not be either a Splunk expert or a Linux expert after reading this series, you will be able to forward, maintain, and take care of the logs within your environment. I chose to use SUSE for the installation for two reasons. First, I wanted the smallest footprint from the operating system that I could achieve, so Linux was the obvious choice. Second, and more specifically, I chose SUSE because of my familiarity with the OS and the ability to use YaST for installing additional packages if needed. This could be tweaked for other Linux installations.

Installing the operating system. I didn't take the time to add fluff or colorful commentary to this installation guide. It is for those out there who want a straightforward, get-it-done guide.

PCI DSS 1.2 – What’s New?

Wednesday, November 19, 2008 12:28:32 AM UTC
by Brennen Reynolds
The PCI Data Security Standard (DSS) has just undergone a refresh. The PCI Security Standards Council released version 1.2 of the DSS on October 1, 2008. The new version must be used by all organizations that begin a new PCI assessment after October 1st. If your organization is currently undergoing an assessment, you have until December 31, 2008 to complete it using the previous 1.1 version of the standard. So what changed between 1.1 and 1.2? The following list highlights the major changes in the new standard.

How to Secure your DNS Server

Friday, November 07, 2008 11:36:14 PM UTC
by Daniel de Carvalho
In this article you will learn how to identify and remediate one of the most common DNS vulnerabilities.

SPAM: You Have Mail!

Friday, November 07, 2008 10:26:45 PM UTC
by Daniel de Carvalho
How many times has your email inbox been flooded with unsolicited email messages? How many times do you have to say that you do not want Viagra, nor are you interested in any sort of pharmaceutical drugs offered in these messages? Do you catch yourself sometimes thinking how good it would be if you could get rid of all that spam?