[SOLVED] Security is Process but how often
wdtd
March 16th, 2011, 10:33 PM
How often do you review/check your security procedures, your logs, etc.?
uRock
March 16th, 2011, 10:53 PM
I check my Snort log once or twice a week and my router's logs daily.
bodhi.zazen
March 17th, 2011, 01:01 AM
> How often do you review/check your security procedures, your logs, etc.?
Depends on the system.
On my desktop, at the moment, I am using SELinux (Fedora 14) and I review SELinux alerts when they occur.
On my netbook I am using gentoo-hardened with PaX/grsecurity, and as I am new to PaX/grsecurity I review it quite often. Once it is configured I probably will not feel the need to monitor it all that much, as it is a fairly hardened system with (outside of the lo interface) no listening services.
On Ubuntu the same would be true, but I use AppArmor with a profile for all network-aware applications. I modify the profiles so that I minimize any "false alarms".
Server side, it depends on the server and whether the server is public (i.e. apache, ssh) or private (a dhcp or samba/nfs server behind a hardware firewall).
bodhi.zazen
March 17th, 2011, 01:02 AM
> I check my Snort log once or twice a week and my router's logs daily.
That will certainly instill a healthy dose of paranoia.
uRock
March 17th, 2011, 01:11 AM
> That will certainly instill a healthy dose of paranoia.
I only do it out of boredom. 8) I like watching my router logs to see if anyone is trying to connect to it. I have had no violations listed in Snort or my router logs. I have had some Snort alerts, but they came from a bad set of rules.
bodhi.zazen
March 17th, 2011, 01:14 AM
> I only do it out of boredom. 8) I like watching my router logs to see if anyone is trying to connect to it. I have had no violations listed in Snort or my router logs. I have had some Snort alerts, but they came from a bad set of rules.
Ah, sounds fairly typical for a home setup.
Try putting snort on the other side of your router =)
uRock
March 17th, 2011, 01:19 AM
> Ah, sounds fairly typical for a home setup.
> Try putting snort on the other side of your router =)
I have been debating it. Turn off file sharing, remove the router and connect to the modem and see how long it takes to catch a port scan. It'll be fun. :P