4 min
IT Ops
How Audit Logs Help Confirm and Correct Security Policy
There are many possible definitions for the term “security policy,” but all of
them share certain elements in common. A security policy should lay out what
assets, both physical and digital, an organization wishes to protect. It should
explain what it means to be secure and to behave securely. In short, a security
policy identifies what assets are to be protected, what kinds of risks such
protection is meant to defeat or mitigate, and how security can be established,
measured, and monitored. A
6 min
IT Ops
Signal AND Noise The Best of All Worlds for Logging
One of the absolute, classic pieces of advice that you’ll hear when it comes to
logging is what I think of as the iconic Goldilocks logging advice. It goes
something like this.
When it comes to logging, you don’t want to miss anything important because
logging helps you understand your application’s behavior. But youalsodon’t want
to log too much. If you log too much, the log becomes useless. You want to log
just the right amount.
Sage advice, to be sure. Right?
Or, maybe, when you sto
5 min
Automation and Orchestration
AWS Series: Creating a Privoxy, Tor Instance
Synopsis:
If you want to increase your privacy or perform security research with Tor
[https://www.torproject.org/], Privoxy [http://www.privoxy.org/], etc. a virtual
server is an excellent choice. I’m using Amazon EC2 which provides a years worth
of a VM with limited resources for free. A few benefits are listed below
1. Low cost
2. Access from just about anywhere
3. Low resource allocation
4. Easy to spin up
Creating the Cloud Instance:
After logging into your Amazon cloud account select
6 min
Automation and Orchestration
AWS Series: OpenSWAN L2TP over IPSEC VPN Configuration
Synopsis:
We will look at how to configure an L2TP over IPSEC VPN using OpenSWAN
[https://www.openswan.org/] and how to connect to it using Mac OSX. This guide
is written for running the VPN software on a CentOS 7 x86_64 EC2 instance
(ami-6d1c2007) provided by Amazon Web Services. The VPN will be configured to
use local authentication and a pre-shared key. This is a great way to allow
access into your AWS VPC.
Procedure:
The procedure is broken into 3 parts:
* AWS – Create an EC2 instance
*
5 min
Automation and Orchestration
Bro Series: Creating a Bro Cluster
Synopsis:
This short article will demonstrate how to setup a minimal Bro cluster
[https://www.bro.org/sphinx/cluster/index.html] for testing. Because of its
minimal nature, this article will exclude discussion of load balancing traffic
across multiple bro workers (processes), security conscious permissions, and
other bro related tuning and features such as sending e-mail. Its purpose is to
get a Bro cluster up and running as quickly as possible so you can begin
familiarizing yourself with cluste
4 min
IT Ops
Migrating a web app to Angular
At some point many applications get to a state in which a large refactoring or
in some cases a complete rewrite needs to happen. The decision to do so can be
driven by many factors. For example, the code base is growing rapidly and the
current architecture cannot support the growth, components are becoming too
tightly coupled and need to be split, new and better technology becomes
available which offers significant improvements or due to other factors the
current code base is just not maintain
3 min
IT Ops
Webinar Recap: Tableau Server Log Analytics
Our webinar
[http://info.logentries.com/tableau-pluralsight-logentries-webinar-2016] was
broadcasted & recorded on June 16th 2016. During this broadcast Tableau Zen
Master Mike Roberts of Pluralsight discussed how to develop a simple technology
stack for next-gen management of Tableau using Logentries
[https://logentries.com/centralize-log-data-automatically/?le_trial=tableau_webinar_june16_recap-logentries_blog-post_cta-create_trial&utm_campaign=tableau_webinar_june16_recap&utm_source=logentr
6 min
Komand
Defender Spotlight: Ryan Huber of Slack
Welcome to Defender Spotlight! In this weekly blog series, we interview
cybersecurity defenders of all varieties about their experience working in
security operations. We’ll inquire about their favorite tools, and ask advice on
security topics, trends, and other know-how.
Today, we're talking with Ryan Huber. Currently at Slack, Ryan has previously
held positions at companies such as Orbitz and Risk I/O, doing security,
engineering, or a combination of both. He enjoys computers, and can often b
11 min
IT Ops
Monitoring SNS Activity Using a Lambda Function and Logentries
Amazon Web Services Lambda functions are very cool. A Lambda function is a
feature in Amazon Web Services that allows you to put a discrete piece of
computing logic up in The Cloud and then access that logic to meet a particular
need. For example, you can create a Lambda function that takes a list of stock
symbols and does some analysis on the list using other cloud based services in
order to suggest the best stock to buy.
Logentries has put the power of Lambda functions
[https://docs.rapid7.co
3 min
IT Ops
Checking Active Directory (AD) Security and Integrity via Log Monitoring
Because AD literally holds the keys to the kingdom for domain-based networks and
runtime environments, it’s usually a good idea to keep a close eye on those
keys, how they’re being used and what kinds of attacks might be directed at
them. Monitoring AD related event logs provides one great tool in exercising due
security and integrity diligence. Alerting on specific high-impact events
provides yet another.
For over two decades now, Microsoft’s Active Directory (AD) has provided a
powerful set
1 min
Automation and Orchestration
What are Networking Intrusion Prevention/Detection Systems?
NID(P)S, or Networking Intrusion (Prevention)/Detection Systems
[https://www.rapid7.com/fundamentals/intrusion-detection-and-prevention-systems-idps/]
are used by a security team for general network security
[https://www.rapid7.com/fundamentals/what-is-network-security/] monitoring. They
work by passively monitoring (or actively gating, in the NIPS case) network
traffic and applying rules or signatures to trigger alerts.
Advantages
* Easy to deploy: Unlike endpoint devices, they can be placed
11 min
Automation and Orchestration
GDB for Fun (and Profit!)
Who Should Read This?
Have you ever wondered why your code doesn’t work? Do you ever find yourself
puzzled by the way someone else’s program works? Are you tired of spending night
after tearful night poring over the same lines of code again and again,
struggling to maintain your sanity as it slips away? If this sounds like you or
someone you know, please seek help: use a debugger.
What Is a Debugger?
For those of you that have never used a debugger:
1. I’m so sorry
2. Please read on
A debug
3 min
IT Ops
Exploiting Zookeeper for managing processes in a production environment with Lockex
Lock and execute!
As an engineer here at Logentries
[https://logentries.com/centralize-log-data-automatically/?le_trial=exploiting_zookeeper-logentries_blog-post_cta-create_trial&utm_campaign=exploiting_zookeeper&utm_source=logentries_blog&utm_medium=post_cta&utm_content=create_trial]
I need to maintain a complex system that has requirements for being available to
our customers. We always build systems with the ability to be resistant to
failure.
In our environment, we have processes and dae
4 min
Komand
How to Create a Culture of Security Ownership Across Your Organization
Company culture is a phrase that means different things to many people. From the
company mission statement to the performance of a team, culture is often an
amalgamation of leadership values and individual employee contributions.
Security, and its many variants (cybersecurity, infosec, et. al), isn’t always a
word associated with “culture”. But in today’s digital landscape, it absolutely
should be.
Building a successful company culture often comes down to three elements:
people, processes, and
3 min
Komand
SOC Series: How to Structure and Build a Security Operations Center
Building an effective security operations center (SOC)
[https://www.rapid7.com/fundamentals/security-operations-center/] requires
organizing internal resources in a way that improves communication and increases
efficiencies. Adding to a former post,When to Set Up a Security Operations
Center
[https://www.rapid7.com/blog/post/2016/06/01/to-soc-or-not-to-soc-when-to-set-up-a-security-operations-center/]
, we're now offering a framework for organizing the three key functions of a
SOC: people, proce