Tag Archives: VMWare

How Virtualization Changes Audits

If you haven’t determined how server virtualization changes your audit plans, you better get moving. I’m not just talking about a virtualization audit (more on that later), but the audits that you typically do every year or on a multi-year cycle.

For example, if every year you do an audit on all networks, servers, applications, and databases that host your key financial reporting or PHI systems, you’re looking at policies and procedures, configuration management, security (including patching), user access, logging, and so on. But do you first consider whether those assets run on virtualized servers?

Continue reading

Advertisements

2 Comments

Filed under Audit, How to..., Security, Technology

Securing Virtual Servers

Here’s my take on the issues that I found with the following quote from SC Magazine (for more info, see Quote of the Weak (Securing Virtual Servers):

We don’t treat the virtualization servers any different than the physical servers when it comes to security. We treat them the same. Security is security.

Continue reading

Leave a comment

Filed under Quote of the Weak, Security

How to Avoid Friendly Infections

I love to “steal” content and blog post ideas from others (usually AuditMonkey), but this time, I slim-fingered from Mister Reiner (check out his computer security and hacking blog at misterreiner.wordpress.com).

All I really stole were the ideas inspired by a comment that I left on his post entitled, Your friends and relatives can go home and jack up their own computer. Reiner wrote that allowing others on your computer might result in an infected PC if your friends and relatives do stupid things like surf porn or open email attachments. To avoid these issues, he suggested you do the following:

Continue reading

Leave a comment

Filed under How to..., Security

Free PIX Firewall Checker

Matasano Security has released an upgrade to Flint, a FREE web application that examines firewall configurations. “Flint examines firewalls, quickly computes the effect of all the configuration rules, and then spots problems.”

According to Matasano, once you upload a firewall configuration, Flint:

Continue reading

Leave a comment

Filed under Free, Security

SANS Audit Checklists

The SANS Audit Advice and Resources* website has a free checklists section:

6 VMWare Settings Every IT Auditor Should Know About

5 Things Every IT Auditor Needs to Know About: SSH Configuration

Continue reading

Leave a comment

Filed under Audit, Security