J Wolfgang Goerlich's thoughts on Information Security
Best Practices award for Business Continuity

By wolfgang. 25 June 2008 10:50

My data center has been recognized by IDG'S Computerworld for our use of server and storage virtualization. Computerworld awarded my team the "Best Practices in Infrastructure Management" award in the Data Center Management, IT Operations and Business Continuity category.

Tags:

Business Continuity

Tip: Cygwin for Bzip2 (.bz2)

By wolfgang. 13 June 2008 07:39

I find the Windows shareware and nagware tools for Gzip and Bzip2 files lacking. Some of it is adding unnecessary clutter to my OS. Part of it is compatibility with 64-bit Windows Server 2003. I also do not want to pay for a feature that I rarely use. Since I run Cygwin, it is easy enough to drop into the Bash shell to unzip and untar.

Copy the file to the Cygwin home folder (C:\cygwin\home\Administrator). Then start Cygwin and run the commands to unzip and untar. Extract (x) with the verbose details (v) from a file (f). Use the j switch for Bzip2 (.bz2) and the z switch for Gzip (.gz).

$ tar xvfj file.tar.bz2

$ tar xvfz file.tar.gz

The expanded files will then be in a folder called C:\cygwin\home\Administrator\file.

Tags:

Systems Engineering

Rolling your own SIM

By wolfgang. 10 June 2008 07:32

I have been looking at pay-to-play security information management tools. I reviewed Q1Labs Radar, Cisco Mars, and Novell's offering. The costs are a tad high, particularly when a lot of the basic collection I can do with WMI scripts and C# code.

OSSIM (Open Source Security Information Management) is another option that I am looking into. Or maybe I will roll my own. Here are the key tools:

Hosts:

Log monitoring: Kiwi syslog, Snare
Signature-based analysis: Nagios, OSSEC
Vulnerability assessments: Nessus

Networks:

Local monitoring: Arpwatch
Signature-based analysis: Snort
Statistical-based analysis: Spade

Correlation:

Splunk
SQL Server 2005 SSRS and SSAS

Code or configure? Where is the best return for my time? I wager rolling my own will be a good learning experience. The money saved can then be invested in training materials and resources. Further, any analysis and cleanup will not go to waste if I change course. An off-the-shelf SIM tool will plug into a cleaned up network just as easily as it would into an unmonitored network, if not easier. I am going to keep tinkering for the time being.
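As an added illustration (not code from the original post), here is the kind of small correlation rule a roll-your-own SIM needs once a syslog collector such as Kiwi has the host logs in one place: flag an address that fails to log in several times and then succeeds. The log lines are constructed and use a simplified sshd-style format, not real Snare or sshd output; the field names and thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of syslog lines as a central collector might store them.
# The format is a simplified stand-in, not real Snare or sshd output.
SAMPLE_LOG = """\
Jun 10 07:30:01 web01 sshd[412]: Failed password for admin from 10.1.2.3 port 5100
Jun 10 07:30:04 web01 sshd[412]: Failed password for admin from 10.1.2.3 port 5101
Jun 10 07:30:09 web01 sshd[412]: Failed password for admin from 10.1.2.3 port 5102
Jun 10 07:30:15 web01 sshd[412]: Accepted password for admin from 10.1.2.3 port 5103
Jun 10 07:31:00 web01 sshd[413]: Failed password for bob from 10.9.9.9 port 6000
Jun 10 07:45:00 web01 sshd[414]: Accepted password for bob from 10.9.9.9 port 6001
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) \S+: "
    r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<ip>\S+)"
)

def parse(line, year=2008):
    """Normalise one syslog line into a dict, or None if it is not a login event."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # syslog lines carry no year, so one is supplied (assumed here)
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "user": m["user"], "ip": m["ip"],
            "ok": m["result"] == "Accepted"}

def correlate(lines, threshold=3, window=timedelta(minutes=5)):
    """Alert when an IP has >= threshold failures within `window` followed by a success."""
    failures = defaultdict(list)   # (host, ip) -> timestamps of recent failed logins
    alerts = []
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        key = (ev["host"], ev["ip"])
        # forget failures that have aged out of the correlation window
        failures[key] = [t for t in failures[key] if ev["ts"] - t <= window]
        if not ev["ok"]:
            failures[key].append(ev["ts"])
        elif len(failures[key]) >= threshold:
            alerts.append(f"{ev['ts']:%H:%M:%S} {ev['host']}: {ev['user']} from {ev['ip']} "
                          f"succeeded after {len(failures[key])} failures")
            failures[key].clear()
    return alerts

if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOG.splitlines()):
        print(alert)
```

The second address in the sample fails once and succeeds fourteen minutes later, so it falls outside the window and produces no alert; only the first address trips the rule.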

That sums up my thinking at the moment.

Tags:

Security Information Management
