Darksat IT Security Forums
March 28, 2024, 03:43:10 pm
Welcome, Guest. Please login or register.

Login with username, password and session length
News: Darksat IT Security Forum
From Firewall Support, AntiVirus Questions, Spyware problems, Linux and Windows Security, Black Hat SEO right down to Website Design and Multimedia
 
  Home Help Search Gallery Links Staff List Login Register  
  Show Posts
Pages: [1] 2 3
1  Hardware, Software and Security / IT Security Forum / How to access or read logs from As400 and Win 2003 without Admin rights on: July 21, 2010, 07:59:12 am
Hi guyz,

I hope you are fine and doing well. I need your help and suggestion regarding reading Windows 2003 server events without having the Admin Privileges.
The issue is that we have deployed a Centralized Log Management Tool for our servers and in order to collect the events form the Windows machines it requires Admin rights to read the events using WMI. But due to the sensitivity of the system we do not want that admin privileges be given to the Event Collector.
Is there any way that we can give it a restricted access so it can only just read the events from that remote machine (Application/System/Security).
Similarly I also want to collect logs (History Log) from IBM AS/400 system. What will be the possible way with minimum privileges to access these logs?

I will really grateful for your help in this regard.
2  Hardware, Software and Security / IT Security Forum / Categorization of syslog/events for Linux & UNIX on: March 02, 2010, 06:24:58 am
Hi guyz,

Hope you are fine and doing well. I am working on a task where I have to centrally collect all events from all nodes (Windows XP, LINUX and UNIX and Network Devices).

We are going to use third party software which will collect these events centrally. For windows it will requires WMI and Admin rights on that machine to collect events and for LINUX/UNIX we have to send the syslog to this third party software/application.

I do not want to get every event happening on the machines that’s why I have categorized the windows event which will be critical for our environment for that I have got a great help from Microsoft document, but I do not have enough information for Linux/Unix events/syslogs.

I will really appreciate if you please help me in this regard and give me information about the different types of Syslog and any documentation for implementing event monitoring related to Linux/Unix systems. As I do not want that syslog to degrade the performance of the system and the network. So I just want to select only those events which are critical.

Secondly is there any way that for windows we can also forward the events to this third party application? As I think the system admin will have a great issue for giving the admin rights or even creating an id that has admin rights on that system.
Thirdly being the IT Security Analyst do I have to look all these events or I will make sys admin responsible to act whenever there is a critical event generated and they get an alert on that? What will be the role of Security Analyst once the application is deployed?
3  Hardware, Software and Security / IT Security Forum / Can a Antivrius be used for two machines by mapping the hard drive of ther other on: April 01, 2009, 08:00:14 am
Hi guyz,

 

I wanted to know what are the threats associated with using a single Antivirus on one machine and then mapping the drives of the other system for scanning those drives. I know that in that case the mapped drive’s data can be scanned only but not the processes and the memory. But what can be the other aspect of this approach I mean risks or threats? Is there any better soultion for that?
4  Hardware, Software and Security / IT Security Forum / Re: How to get Syslog event from Firewall on two differnt Applications on: April 01, 2009, 07:20:38 am
Thank you Darksat for helping me out.
5  Hardware, Software and Security / IT Security Forum / How to get Syslog event from Firewall on two differnt Applications on: March 12, 2009, 04:38:04 am
Hi guyz,

Hope you are all fine.

We have deployed a firewall on our network. Its a ASA-5510 Cisco product. We have deployed an application Firewall analyzer which get the events generated at the firewall and provide us the details of the events. Now We have another application GFI Event Manager which we have used to collect the events from the critical system and servers for centralized logging and monitoring. I have seen that GFI Event Manager also support the syslog events, so I was thinking to configure the GEI Event Manager so that I can also collect the firewall events from the Cisco firewall.

When I talked to some people I came to know that firewall cannot support this feature i.e. you cannot redirect or get the events generated on the firewall to two different applications which in this case are the GFI Event Manager and Firewall Analyzer. Can you guys help me with that and provide me your comments on how to resolve this issue or it cannot be solved?

Thanks in advance.
6  Hardware, Software and Security / IT Security Forum / Can an application running under Localsystem account access the other systems? on: December 04, 2008, 07:42:48 am
Hi,

I am using GFI Event Manager for centralized monitoring of our systems over the LAN. GFI Event Manager requires that it should run under the Domain Admin account & the remote registry service is running on the client machines. I wanted to know that can we run the GFI Event Manager under localsystem account. Because when I run this service under localsystem account on our DC 2003 server, I am not getting events from the remote machines. Can you please help me out what are the access privileges of localsystem account which is running on the Domain Controller?
Thanks in advance
7  Hardware, Software and Security / IT Security Forum / Automatic equipment identification in network on: December 03, 2008, 05:57:22 am
Hi guyz,

1. Can you please help me out for deploying control for Automatic equipment identification in network? The requirement is that in case any user tries to connect his/her laptop or PDA to our company network we were able to detect it immediately.

2 Secondly I have passed the CISSP exam, now I wanted to go for one more cert should I go for CISA or CISM? As far as I know CISM contains almost the same domain as of CISSP but I was wondering which one will be better for growth CISA or CISM. I am already doing CCNA & after that will go for CCNA Security.

Thanks & Regards
8  Hardware, Software and Security / IT Security Forum / Has any one worked with Data Prevention Leakage Software on: December 02, 2008, 07:18:12 am
Hi guyz, 
Hope you are all fine. I will thankful to you if you could help me for the following questions:

1. Has any one has worked with DPL Software of Trend Micro, Orchestria or Recoonex software. Actually I want that we can track all of our sensitive data even if it travels to a USB drive or being send as an attachment. I am not sure about the concept of these softwares but I was thinking can it track any particular file say for example we have a file “X” which is classified as confidential & sensitive file and three of our managers are using this file by making a copy on their local system, will it track those files as well? Will it track if anyone on his/her local system copy that file to its USB or send through email attachment?
I will be thankful if anyone already using any such tracking software can guide me in this regard.

2. In order to implement EFS on a system is it sufficient to backup that’s users profile to recover the encrypted data or its necessary to make DRA (Data Recovery Agent)?

3. Last question is I wanted to track a particular users activity I mean which application he used, which service he accessed and even where he created/deleted file or folder on his systems as well as on the local  network, is there any such software that can track such users activity
9  Hardware, Software and Security / IT Security Forum / Anyone has wroked with SCADA Security on: October 08, 2008, 10:32:25 am
Hi guys,

I was wondering if anyone has worked in the SCADA Security or completed the Certified SCADA Security Architect (CSSA) certification. If so can you please guide me about the material where I can get material for this? Its a new fiedl at least for me which require skills more then simple Network administrator.

10  Hardware, Software and Security / IT Security Forum / How to find out Bussiness Impact Analysis for non-quantative risk assessment in on: October 06, 2008, 06:19:11 am
Hi,
 
I am starting the process for Business continuity planning (BCP) and Disaster recovery planning (DRP); I wanted to know whether we can calculate the BIA (Business impact analysis) without conducting the quantitative risk assessment for our critical assets? If so how and what will be the credibility of that BIA.
 
Actually when I started the information security process in our organization we did not conducted the quantitative risk analysis instead we list downs the critical assets and made a list of any possible threat to these assets once we identified those threats we selected the appropriate control to reduce risks. Now when designing the BCP and DRP I am thinking how to conduct the BIA? I mean is it possible to find out the business impact without finding any monetary value?
 
Moreover who else will be involved in the BIA process? Management, IT and Information Security Manager?? Or anyone else as well?
 
Can anyone help me especially if someone has design a BCP and DRP??? Moreover quantitative if the risk analysis is necessary then how I will calculate it? I mean I know the cost of the server machine but I cannot say for sure what will be cost of setting up the server in the working condition i.e. installing the necessary softwares + configurations etc? Will it be an estimated value that will be used for configuration and software installations?
11  Hardware, Software and Security / IT Security Forum / What should be the contents of an Information Security Training Program? on: October 06, 2008, 05:43:42 am
Hi,

 
I am planning to give some awareness and training program in my company. I would like to know how to develop a security training programs for the employees specially the executives.  Actually I am not able to select the boundaries and the limits that should be addressed in the training program i.e. the topic and their relevant depth.

 

So can anyone help me in this regard about the material that should be included in the training program and its depth and breadth? If anyone can provide/share some real documentation/presentation I will really appreciate it.

12  Hardware, Software and Security / IT Security Forum / How much ASA-5505 Firewall can helpful against virus attack? on: September 30, 2008, 01:23:15 am
Hi guyz,

I daily get reports from the AV software Kaspersky about the virus attack and most infected systems. And I am seeing that there are daily dozens of virus attacks occurring.

My work is mostly concern with Risk assessment and Planning/deploying security control to reduce the risk at acceptable level.

Unfortunately I have not worked with the ASA5505 as it comes under the IT. Ok now the issue is that we are getting hit by dozens of viruses each day. Although we have deployed very good AV software Kaspersky Enterprise in our organization and its working fine as well by disinfecting the viruses but I want one more level of define and I think it will be deployed on our Firewall ASA-5505. So I just want to know what kind of internet/security control this firewall can provide us with regard to virus and malicious codes?

Please also let me know if there is any video basic training related to IP routing, NAT and Cisco ASA-5505 available?

How much ASA-5505 Firewall can helpful against virus attack?

13  Hardware, Software and Security / IT Security Forum / Unable to Ping the Machines and Access the Remote Registry on: September 11, 2008, 05:22:45 am
Hi guys,

I am facing an issue in our organization. One of our user in the organization has changed the settings such that I cannot ping the system. Similarly I can't even access the system through remote registry option or through Computer Management-->Connect to a Remote Computer. I am getting the error message "Computer_Name cannot be managed. The Network path was not found." I have the Domian Admin rights but I am unable to get information about this system. I have checked the windows firewall setting on his computer by asking him to show me the firewall settings but there is no such configuration that can prevent the form accessing the system.

Can you please help me out what could be the possible reason for this??
14  Hardware, Software and Security / IT Security Forum / How to Restrict Access to the Services running on the XP on: August 29, 2008, 09:14:03 am
Hi guyz,

I wanted to know how can we restrict access to the service on a particular system? Actually in our company we have given admin right to the users on their local system i.e. their domain user names are added in the local Admin group of that particular computer they use. For example "Alice.Shon" is the domain user name for Alice and the system issued to her, she is added in local admin group of that particular system. I know its not a good practice and it should not be allowed but the management says we have to give them admin rights or else they wont be able to install many softwares (even power user rights does not let the system install those software). Anyway so everyone has admin right on their local system, and they can do anything on that system.

But we have deployed Kaspersky Enterprise software as Anti virus, and when I tried to stop the service associated with this AV all the option are disabled. I even can't run the service under my logon name in the Service Name----->Properties------>Logon------->This account.

The AV server runs on one of our servers and the AV clients are installed on user's machines. They AV client gets its configuration from the AV server.

I am just wondering how I can deploy such kind of settings on any other service that even the local Admin cannot stop or start that service. How it is possible?
15  Hardware, Software and Security / IT Security Forum / Can user account be locked out in case of access right violation? on: August 28, 2008, 04:34:04 am
Hi,

Yesterday I posted a question whether the account lock out policy should be enabled or not in a domain environment. What I found that in enabling an account policy specially in domain environment any user can use this policy to launch a Denial of Service DoS attack by using a script and launch it for any particular user so that particular user will be lock out.

But this is not what I want. So what I want to ask is that is it possible that we can disable a user account if he does an access right violation on a particular folder in a domain environment.

I have implemented access right on our shared folder on the role basis with need to know and least privileges principle. I have also deployed GFI Event manager for monitoring in case of user try to take the ownership of that folder or a user tries to access an unauthorized folder. In any such event I got email alert about the user who tried to access that folder, his name, domain and folder name.

Ok but now what to do when a user has tried to access an unauthorized folder? Is there any way that I can configure on the DC setting such a policy that in case of any such event say user "Bob" tries three or four consecutive failure to that folder, the user account be locked out?
Pages: [1] 2 3
Powered by EzPortal
eXTReMe Tracker
Security Forum
Bookmark this site! | Upgrade This Forum
SMF For Free - Create your own Forum


Powered by SMF | SMF © 2016, Simple Machines
Privacy Policy
Page created in 0.042 seconds with 17 queries.