Importance of establishing a security baseline

Hello all,

In this post I will go over what I think should be part of every businesses security process

What is establishing a base line ?

the purpose of establishing a baseline is to know what is normal and what is not normal activity
on your network for example

if you have a website www,mysite.com you should know how much traffic you get to your site
how many logins a day how much server resources are needed to run this website

this helps with security and troubleshooting example

if your site is really slow you check your servers logs and you have 100+ logins per hour and your CPU usage is high
if you have no baseline what do you compare to ? is this simply regular traffic and your server needs to be upgraded or are you being attacked ?

without a simple baseline you would never know

Also a baseline means rolling out servers and network equipment with a security configuration that adheres to security best practices
for example Microsoft has a tool called MBSA or Microsoft security baseline analyzer this tool make sure
your server are configured to meet the security needs of you servers and your clients
making sure your systems are patched and are following best practices for password security

how else can you establish a baseline ?

1.) check your servers and network equipment regularly for trends in activity
2.) keep a minimum security baseline by following security best practices i.e password with at least 8 characters
3.) run automated tools like Microsoft baseline security analyzer for your windows server

These are just some examples

you can also reference this document by the NIST http://csrc.nist.gov/publications/nistpubs/800-27A/SP800-27-RevA.pdf
which recommends other ways to establish a baseline security policy

So all in all remember maintaining a baseline is just as important as the firewall you rely on to
secure your network

That’s all for this article
If you have any comments or suggestions please let me know !
as always stay secure !!!

Apple attacked by hackers

Apple is reporting being attacked by hackers

the attack affected a small number of Apple corporate computers
after a hacker crafted a sophisticated attack which took advantage of an exploit in the java browser plugin after the exploit was successful the attacker was able to install malware on the affected computers the attack was started when the affected system visited a compromised website hosting the exploit

Apples statement to www.pcmag.com

“Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers,” Apple said in a statement to PCMag.com. “The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers.”

A “small number” of Apple employees’ Mac computers were breached, though “there was no evidence that any data left Apple,” the company said. Upon discovering the intrusion, Apple isolated the infected computers from its network and began working with law enforcement to find the source of the malware.

Apple said it will release a software tool on Tuesday to protect Mac users against the malware leveraged by attackers.

“Since OS X Lion, Macs have shipped without Java installed, and as an added security measure OS X automatically disables Java if it has been unused for 35 days,” the company said. “To protect Mac users that have installed Java, today we are releasing an updated Java malware removal tool that will check Mac systems and remove this malware if found.”

apple has since released a software update to fix this vulnerability in the operating system you can find the update in the software center
or you can find it by following this link

This attacks comes shortly after similar attacks against facebook

This is just another reminder that regardless of operating system
all systems are not 100% safe from internet threats and we all should do our part to be security cautious

As always stay secure !