Blog
Insights for Reasonable Cyber Security and Compliance
What’s happening in the world of cybersecurity? How do you define 'reasonable' security controls? Which cyber threats can be prevented? What steps should you take to make your systems safer? Read our blog posts to gain new insights into cybersecurity news, security awareness, the latest threats and risks, penetration testing, compliance, regulations and so much more.
Configuring Log Event Source Series – IBM AIX
Welcome to the first post in our series of configuration instructions for enabling monitored systems to send system logs to a central logging server.
This post covers configuring an IBM AIX event source. The tested platform is based on IBM AIX version 4.x and 5.x (Security and Authentication messages only).
By default, an AIX system will not do syslog processing. For some strange reason, the default AIX install does not place any entries in /etc/syslog.conf, leaving a totally useless syslogd.
To configure IBM AIX:
1. Log in to the IBM AIX server.
2. Open the /etc/syslog.conf file in a text editor (e.g. vi – our favorite).
3. Add the following lines, replacing the address after the @ with the address of your log collector server (in this example, our log collector is 192.168.0.10):
    auth.debug      @192.168.0.10
    daemon.debug    @192.168.0.10
    kern.debug      @192.168.0.10
    user.debug      @192.168.0.10
NOTE: Changing these lines causes the server to log all messages of debug level and higher to the log collector server.
4. Save the file. Close the text editor.
5. Run the following command to restart the syslogd daemon.
refresh -s syslogd
IMPORTANT: Do not use the -n flag when starting the syslogd daemon. This flag suppresses logging of priority and facility information for each log message, which prevents any log analysis system from recognizing AIX messages.
Of course, the most important part is to check that the logs are generated and sent to the log collector. Once you see the logs arriving at the collector, the AIX server configuration is complete.
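One way to check the result of the steps above before waiting for logs to arrive, as an added example that is not part of the original post: the function name missing_forwards and the sample file are constructed for illustration, and the collector address is the one used in this post.

```shell
#!/bin/sh
# Added example (not from the original post): confirm that a syslog.conf
# forwards the four selectors from step 3 to the log collector.

# missing_forwards FILE COLLECTOR  (hypothetical helper name)
# Prints every required selector that has no active "selector @COLLECTOR" line.
missing_forwards() {
    conf=$1
    collector=$2
    for sel in auth.debug daemon.debug kern.debug user.debug; do
        awk -v sel="$sel" -v dst="@$collector" '
            /^[ \t]*#/ { next }                    # ignore commented-out entries
            $1 == sel && $2 == dst { found = 1 }   # selector sent to our collector
            END { exit found ? 0 : 1 }
        ' "$conf" || echo "$sel"
    done
}

# Constructed sample: kern.debug points at another host and user.debug is
# commented out, so both should be reported as missing.
sample=$(mktemp)
cat > "$sample" <<'EOF'
auth.debug      @192.168.0.10
daemon.debug    @192.168.0.10
kern.debug      @192.168.0.99
# user.debug    @192.168.0.10
EOF
missing_forwards "$sample" 192.168.0.10   # prints kern.debug and user.debug
rm -f "$sample"

# On the AIX host itself, run the same check against the live file, then send
# a test message and look for it on the collector:
#   missing_forwards /etc/syslog.conf 192.168.0.10
#   logger -p auth.debug "syslog forwarding test"
```

No output from the check means all four selectors are forwarded; the logger test message should then appear on the collector once syslogd has been refreshed.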
Watch out for the next topic in our series, where we list the instructions for another type of server/device.
Oscar Bravo Jr.
CISSP, CISA, CCDP, CCNP, CCEE, CCSE, MCSE, MCITP, RSASE
Senior Consultant, Security Solutions Services
Configuring Log Event Source Series – HP UX
Welcome to another post in the series of configuration instructions in enabling monitored systems to send system logs to a central logging server – HP UX. (more…)
Hau’s How
In the face of an increasing list of compliance frameworks, IT organizations operating on an already stretched budget are desperate for relief. Regulations around Personally Identifiable Information (PII), cardholder data (CHD) and patient health information all require a separate environment for storing and transmitting sensitive data. Who can afford THAT? (more…)
Meeting PCI DSS Section 10 Compliance using SNARE
Tackling the log management requirements in section 10 of the PCI DSS can be greatly simplified by using Intersect Alliance’s SNARE software (an acronym for System iNtrusion Analysis and Reporting Environment). SNARE is a comprehensive Event Log Management toolkit, designed to collect and report on activities from within a monitored system. (more…)
Windows Audit Policies for PCI DSS Compliance
Exactly which settings need to be enabled for the audit (logging) policy on Windows systems in order to meet the intent of PCI DSS requirements 10.2.x? Trying to understand all the individual events IDs associated with each Windows audit policy is your first step in trying to determine the answer to this question! But after a bit of digging (thank goodness for Google) I found the answer. Both articles provide great information on the details of each event ID and how you can align this with PCI requirements for auditing: (more…)
Virtualization in the PCI Environment
Since the SIG for addressing the impact of virtualization in PCI compliance has yet to be published, there has been a mixed reaction to whether or not virtualization SHOULD be used in the cardholder data environment. (more…)
PCI Level 2 Non-Compliance, Mastercard’s New Rules
I have had many questions on the topic of compliance for Level II PCI Merchants that are transitioning from a SAQ (self-assessment questionnaire) to an On-site audit with a Report on Compliance (ROC). Many are concerned with the prospect that they are non-compliant with many of the controls and want to know what they should do and what risks they face. (more…)
PCI Compliance Adoption Rates Continue to Rise
PCI Compliance Adoption Rates. Visa’s latest report (updated as of June 30, 2010) on the percentage of the current merchant and service provider population currently validated as PCI compliant shows that most companies have now achieved compliance with the PCI Data Security Standard (DSS). (more…)
The Sounds of PCI Compliance
So I’ll admit I’m relatively new to the PCI Compliance arena. That said, I’ve been working with technology and financial companies for the last 15 years and while I’ve seen topics come & go; PCI Compliance is here to stay. I’ve noticed some commonalities from the folks I’ve spoken with recently and I wanted to share some of my favorites. (more…)
Best Practices for Achieving PCI DSS Compliance
The Payment Card Industry Data Security Standard, or PCI DSS, provides a well-defined list of security requirements, but many organizations are left with more questions than answers when it comes to determining how best to address each requirement in a manner that will be considered acceptable for PCI compliance. (more…)