“Enterprise Log Search and Archive” (AKA ELSA) is an open-source project started by an individual who needed the ability to not just collect logs from a bunch of devices but to also quickly search and parse them. And by a “bunch” I mean on the scale of millions and millions of logs. A lot of traditional open-source systems use REGEX to parse logs, which is fine on a small scale but quickly falls apart under volume. ELSA takes a different approach and, in the words of its creator, allows “Google-fast searching on a massively large set of logs”, and it does so by using a combination of MySQL and:
(more…)

Recently I had to produce some very high-level, general documentation for platform hardening. Boy, there isn’t much out there in terms of content when you start researching this topic. Yes, there are lots of specific hardening docs for specific platforms, but if you are like me and need to write generic “policies” or guidelines, you need something that is honestly a bit more vague.

I broke my documentation down into two sections, Ideology and Policies… Here was the result:
(more…)

Read about it in more detail here on Red Hat’s site. This vulnerability affects all applications using certain versions of OpenSSL, so this is a cross-platform issue.

This isn’t nearly as atrocious as Heartbleed was, as there isn’t a chance of leaking your private keys. However, if you use Qualys SSL Labs’ excellent SSL web scanner to check your site’s security, this will immediately degrade your web application to an “F”.

Scrutiny of SSL has been ramped up significantly in the wake of Heartbleed, so if your application deals with any kind of regulated data I suggest you patch your servers immediately.

For Ubuntu users, this means it is time to do an OS upgrade to 14.04 LTS if you aren’t running a previous LTS version that is still receiving security updates…

do-release-upgrade your way to a safer tomorrow…

I have tagged this post with “heartbleed” as folks researching that issue need to pay attention to this one as well. The fix is the same; patch OpenSSL!

Regards!

References:
https://access.redhat.com/site/articles/904433
https://www.ssllabs.com/ssltest/analyze.html

In a post-Heartbleed world, implementation of SSL is being scrutinized like never before (at least in my short years of experience in information security). Even though Microsoft/IIS implementations were hardly, if at all, affected by Heartbleed, they do often suffer from other common SSL vulnerabilities. This is particularly true of Microsoft Server 2003 R2 / IIS 6.5 and older setups.

Back in the olden days (you know, like 5 – 10 years ago…) before massive Chinese super-computers, NSA spying programs, and 30-core processors, a 48-Bit SSL cipher may have been considered sufficient, as the length of time it would take to brute-force decrypt collected data was significant on the hardware of the day. Not so much anymore.

Fast forward to today: many environments still have aging servers sitting around from a bygone era whose weak implementation of SSL poses a security risk. It is time to turn off archaic SSL ciphers on these old boxes and strengthen your connection security.

So… before you read any further, you need to check a few things to find out if this article is relevant to you.

First, do you host any websites in IIS that use SSL? (i.e. do they have “HTTPS” preceding the URL?) (more…)

Currently I am looking into a couple of different cloud platforms for new infrastructure projects. Microsoft Azure is creeping up rather highly on the list.

A few years ago the concepts of “security” and “cloud hosting” were diametrically opposed in many people’s minds. Security is an ironic field of IT in that technology, vulnerabilities and exploits, defense and remediation strategy, etc. all evolve very rapidly (like other areas of IT), but due to being tied in tightly with things like regulatory compliance, the ideology and actual implementation of change in this area moves at a snail’s pace.

However, IT is largely shifting towards cloud technologies and regulation must shift with it. The major players in the cloud hosting space have recognized a need to address security concerns and have made a concerted effort to do so.
(more…)