RE: Defense plan

From: John Daniele (
Date: 09/20/02

Date: Fri, 20 Sep 2002 14:34:37 -0400 (EDT)
From: John Daniele <>
To: Chris Berry <>

Hi Chris,

Everything that has been mentioned is all good, covers some of the basic
things that should be addressed, regardless of the environment. But with
legal/policy type questions, and even some of the more procedural and
technical ways of implementing policy, no one can answer them in a way
that is applicable to your situation. Step back, and consider what you are
doing -- what are you trying to protect? Define what your company's
critical assets are. Who and what are you trying to protect against? What
are their capabilities? What are your team's
capabilities/strengths/weaknesses? This must be answered in order to
design a proper defensive strategy.

Might also be a good idea to look into asset management? Does your
corporation even know what they have within their datacenters? What
software is installed? Patch levels?

Once your assets have been identified, perform a gap analysis -- audit the
enviornment against industry 'best practices' and look for some of the
things that you mentioned earlier (MAC port lock in, turning off unused
simple services, etc.). Then work on developing hardening standards and
documentation that apply to your specific environment. Turning off
services and fixing OS level problems isn't the end all and be all of
security -- for example, take a look at the applications you have
installed within your environment.. have they been implemented correctly?
Are the default permissions in excess of what they should be? Does the
application require access to privileged functions? Is it publicly
accessible and has been chroot()'d? What is necessary for the chroot() to
function? These are things a mailing list simply cannot answer.


John Daniele
Technical Security & Intelligence
Toronto, ON
Voice: (416) 605-2041

Relevant Pages