Posted by bmestep on March 18, 2008
Great news, after a brief recess, PIX Logging Architecture is back on the NET!
Be sure to check out the screenshots for features / selling points and import the latest syslog-message database if you’ve not done that since installation. Remember PLA handles the following Cisco Security Devices:
PIX Logging Architecture v2.00 supports log messages from the following devices:
- Cisco ASA (TESTED AND CONFIRMED)
- Cisco PIX v6.x (TESTED AND CONFIRMED)
- Cisco PIX v7.x (TESTED AND CONFIRMED)
- Cisco FWSM 2.x (TESTED AND CONFIRMED)
- Cisco FWSM 3.x (TESTED AND CONFIRMED)
PLA Documentation
PLA Screenshots and more PLA Screenshots
PLA: Latest PLA syslog message support
Support for alternate forms of syslog daemons can also be found here for parsing rsyslog.
Welcome back Kris!

Posted in How to's, Security Management | Tagged: Cisco Security, Log Analysis, PIX Logging, PLA, Security Log, Security Management
Posted by bmestep on November 7, 2007
Practicing security is not the art it used to be. I read an article on Ambersail’s blog that reminded me of the youth soccer team I used to coach.
In particular, I was struck by the similarity between people’s attitude towards security, and a group of kids playing football. Somebody kicks the ball, and the other 21 players chase after it. No strategy, no gameplan, no big picture. Everyone likes to think they have the answer (me included, of course) and that’s what they pitch in with. But in the end, it’s just a single kick - and off we all go again, chasing the ball. [Ambersail Blog]
The post was in response to the Fasthost breach, reported in The Register, but what struck me as I read the Ambersail post was just how true the point was and how the 7-8 year old soccer kids I coached a few years back all blindly followed that soccer ball around and would rarely get in front of it to stop the ball. Comments and suggestions can be helpful after a breach but they’re more powerful BEFORE the breach.
It’s been said hindsight is 20/20; security is no different. What should and shouldn’t be done from a security perspective becomes painfully clear after a breach happens. The same is true for almost any operational environment where something has gone amiss.
Rarely are there huge “Ah hah!” moments in our day and age, where the lessons learned following an incident or breach are new discoveries. I’ve said it before, the security landscape ends up being the sum of the compromises and concessions a company makes.
Most often the very things that lead to breaches, compromises, or even operational failures are the result of business decisions made in order to reduce cost, lower support impacts, be user friendly, or reduce operational burdens associated with observing appropriate security and privacy controls. Obviously this doesn’t account for 100% of security breaches, but certainly more than half of reported breaches could have been prevented by proper security controls.
This is one reason why security requirements are showing up everywhere and another reason why, just like my soccer kids, everyone will continue chasing the ball no matter where it goes and breaches will continue until someone gets in front of the ball!
Posted in Security / Risk, Security Management | Tagged: Breach, PCI, security, Security Management