Blog
Insights for Reasonable Cyber Security and Compliance
What’s happening in the world of cybersecurity? How do you define 'reasonable' security controls? Which cyber threats can be prevented? What steps should you take to make your systems safer? Read our blog posts to gain new insights into cybersecurity news, security awareness, the latest threats and risks, penetration testing, compliance, regulations and so much more.
![Purple Configuration Screen reasonable security](https://www.halock.com/wp-content/uploads/2010/10/Configuring-Log-Event-Source-Series-Sun-Solaris-400x400.jpg)
Configuring Log Event Source Series – Sun Solaris (7, 8, 9 & 10)
Welcome to another post in the series of configuration instructions for enabling monitored systems to send system logs to a central logging server. (more…)
Best Practices Series: VMware Storage Management Best Practices
Welcome to another blog post in our cyber security best practices series. (more…)
Best Practices Series: Virtual Networking for VMware
Best Practices – A growing number of organizations are now standardizing on a virtualized server deployment and want to consolidate servers that belong to different trust zones. A trust zone is loosely defined as a network segment within which data flows relatively freely, whereas data flowing in and out of the trust zone is subject to stronger restrictions. The introduction of virtual technology does not have to significantly change the network topology. (more…)
Configuring Log Event Source Series – IBM AIX
Welcome to our first post in the series of configuration instructions for enabling monitored systems to send system logs to a central logging server.
This configuration instruction contains the following information for configuring an IBM AIX event source. The tested platform is based on IBM AIX version 4.x and 5.x (Security and Authentication messages only).
By default, an AIX system will not do syslog processing. For some strange reason, the default install on AIX does not place any entries in /etc/syslog.conf, leaving a totally useless syslogd.
To configure IBM AIX:
1. Log in to the IBM AIX server.
2. Open the /etc/syslog.conf file in a text editor (e.g. vi, our favorite).
3. Add the following lines, where the address after the @ is the address of the log collector server (our log collector is 192.168.0.10):

        auth.debug      @192.168.0.10
        daemon.debug    @192.168.0.10
        kern.debug      @192.168.0.10
        user.debug      @192.168.0.10

NOTE: Changing these lines causes the server to log all messages of debug level and higher to the log collector server.
4. Save the file. Close the text editor.
5. Run the following command to restart the syslogd daemon.

        refresh -s syslogd

IMPORTANT: Do not use the -n flag when starting the syslogd daemon. This flag suppresses logging of priority and facility information for each log message, and will cause any log analysis system to not be able to recognize AIX messages.
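Before restarting syslogd, the edited file can be checked mechanically for the four rules from step 3. The script below is an added example, not part of the original post: `missing_forwards`, the temporary file and its contents are constructed for illustration, and the handling of `;`-joined selectors and `,`-joined facilities goes beyond the single-selector lines shown above.

```shell
#!/bin/sh
# Added example: audit a syslog.conf for the forwarding rules from step 3.
# The function name and the sample file below are constructed.

# missing_forwards FILE COLLECTOR
# Echoes the required facilities that have no "<facility>.debug @COLLECTOR"
# rule; echoes an empty line when all four are present.
missing_forwards() {
    awk -v dest="@$2" '
        BEGIN { n = split("auth daemon kern user", req, " ") }
        /^[ \t]*#/ { next }                  # commented-out rules do not count
        NF >= 2 && $2 == dest {              # only rules aimed at the collector
            m = split($1, sel, ";")          # several selectors may share a line
            for (i = 1; i <= m; i++) {
                dot = index(sel[i], ".")
                if (dot == 0) continue
                if (substr(sel[i], dot + 1) != "debug") continue  # info etc. drop debug
                k = split(substr(sel[i], 1, dot - 1), fac, ",")   # "auth,daemon.debug"
                for (j = 1; j <= k; j++) seen[fac[j]] = 1
            }
        }
        END {
            out = ""
            for (j = 1; j <= n; j++)
                if (!(req[j] in seen)) out = out (out == "" ? "" : " ") req[j]
            print out
        }
    ' "$1"
}

# Constructed sample: kern is commented out, user is sent at the wrong
# level, and one rule points at a different host.
sample_conf=$(mktemp)
cat > "$sample_conf" <<'EOF'
# /etc/syslog.conf (constructed sample)
auth.debug      @192.168.0.10
daemon.debug    @192.168.0.10
#kern.debug     @192.168.0.10
user.info       @192.168.0.10
kern.debug      @192.168.0.99
EOF

result=$(missing_forwards "$sample_conf" 192.168.0.10)
echo "facilities not forwarded at debug level: ${result:-none}"
rm -f "$sample_conf"
```
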
Of course the most important part is to check if the logs are generated and sent to the log collector. Once you see the logs collected, then that is it for configuring the AIX server.
Watch out for the next topic in our series as we list the instructions for another type of server/device.
Oscar Bravo Jr.
CISSP, CISA, CCDP, CCNP, CCEE, CCSE, MCSE, MCITP, RSASE
Senior Consultant, Security Solutions Services
Configuring Log Event Source Series – HP UX
![Log event Icon](https://www.halock.com/wp-content/uploads/2023/10/Database-Warning-HALOCK-Security-150x150.webp)
Welcome to another post in the series of configuration instructions for enabling monitored systems to send system logs to a central logging server – HP UX. (more…)
Hau’s How
In the face of an increasing list of compliance frameworks, IT organizations operating on an already stretched budget are desperate for relief. Regulations around Personally Identifiable Information (PII), cardholder data (CHD) and patient health information all require a separate environment for storing and transmitting sensitive data. Who can afford THAT? (more…)
Meeting PCI DSS Section 10 Compliance using SNARE
![credit card verification](https://www.halock.com/wp-content/uploads/2023/11/pci-dss-requirement-copy-150x150.webp)
Tackling the log management requirements in section 10 of the PCI DSS can be greatly simplified by using Intersect Alliance’s SNARE software (an acronym for System iNtrusion Analysis and Reporting Environment). SNARE is a comprehensive Event Log Management toolkit, designed to collect and report on activities from within a monitored system. (more…)
![WIndows Audit Policies icon](https://www.halock.com/wp-content/uploads/2022/01/Windows-Audit-Policies-for-PCI-DSS-Compliance-1024x437-1-1-400x300.jpg)
Windows Audit Policies for PCI DSS Compliance
Exactly which settings need to be enabled for the audit (logging) policy on Windows systems in order to meet the intent of PCI DSS requirements 10.2.x? Trying to understand all the individual event IDs associated with each Windows audit policy is your first step in trying to determine the answer to this question! But after a bit of digging (thank goodness for Google) I found the answer. Both articles provide great information on the details of each event ID and how you can align this with PCI requirements for auditing: (more…)
Virtualization in the PCI Environment
![](https://www.halock.com/wp-content/uploads/2023/10/Banks-Financial-Services-Payment-Billing-Cyber-Security-150x150.jpg)
Since the SIG for addressing the impact of virtualization in PCI compliance has yet to be published, there has been a mixed reaction to whether or not virtualization SHOULD be used in the cardholder data environment. (more…)
PCI Level 2 Non-Compliance, Mastercard’s New Rules
![payment card industry compliance mastercard](https://www.halock.com/wp-content/uploads/2023/10/MasterCardiconmonstr-payment-27-150x150.png)
I have had many questions on the topic of compliance for Level II PCI Merchants that are transitioning from a SAQ (self-assessment questionnaire) to an On-site audit with a Report on Compliance (ROC). Many are concerned with the prospect that they are non-compliant with many of the controls and want to know what they should do and what risks they face. (more…)