Note: This article is a copy of one that I have written for the compliance.engineering blog. Check it out! In my previous article I was discussing the need for accurately describing system architecture in a way that would enable consistent discovery, documentation, and dissemination of these details across internal teams, with outside auditors, as well …
Note: This article is a copy of one I have written for the compliance.engineering site. Check it out! The organizational dilemma of understanding systems Every day decisions are made, from the low-risk decision on how you would like your coffee or tea, to high-risk decisions on organizational strategy or accepting the implications stemming from proposed …
Until the creation of the European Union’s Digital Operational Resilience Act (DORA) (2022/2554), there hasn’t been much need for those of us in the U.S. to be aware of Threat-Led Penetration Testing (TLPT). DORA’s text also isn’t explicitly clear around what this TLPT is, or what makes it distinctly different from the average penetration testing. …
Read more “E.U. DORA – Threat-Led Penetration Testing, what is it?”
A while ago I had the opportunity to explore the use of Retrieval-Augmented Generation (RAG) with the use of both internal and public LLMs, including various GPT and Llama models. The opportunities here are extensive, both for good, as well as harm if not implemented with proper oversight. Here’s a high level overview of that …
Wazuh provides and extremely valuable view into the security health of your systems. However, there are times where the default, out-of-the-box rules don’t work well for you. There’s a nice tutorial on custom rules in the Wazuh documentation, however, it wasn’t apparently clear to me the hierarchical nature of these rules. As a consequence, when …
There has been a lot of great work done to generate STIG baselines for the various VMware products. This content is publicly-available on Github under the vmware/dod-compliance-and-automation repository. As I’m currently focused on using VMware Photon 5, I’m going to explore that process with you now. Initial Testing Before applying your STIG, you’ll probably want …
I’m pretty inexperienced when it comes to Fluentd logging, but I have a necessary use case to use it to ingest some log files with a non-standard format. There’s documentation on how parsers work, and there are even examples of how it should automatically happen. But, then there’s also the reality that I discovered that …
There are many common approaches to logging. However, since my home environment is running SecurityOnion (SO), I’m going to focus on three common ones and show how to do an end-to-end configuration with SO. If you’re curious about Filebeat, I’ve already written about it here. Fluentd Fluentd is extremely popular, while providing many options and …
For a while now I’ve been curious about the application of multi-factor authentication for Linux console and SSH access. It’s a particularly challenging use-case, especially if you operate in an air-gapped configuration, and yet need to meet industry standards such as PCI’s Control 8.5.1, or NIST 800-53’s Control IA-2(1). Multi-factor is essentially a requirement to …
Read more “MFA Tutorial – Yubikey Usage for both Console and SSH”
So, you’ve got Security Onion (SO) running from the Security-Appliance-in-a-Box via Ansible. Now what? How do you begin to ingest logs from your other devices into the included Elastic instance? I’m glad you asked! There’s a couple steps you’ll need to follow. Allow Access First you’re going to need to open the firewall to allow …
Read more “Ingesting External Logs via Security Onion’s Elasticsearch”