
Security defence


What does HIDS/NIDS mean? - IT definition from Whatis.fr. Intrusion detection system. Security information management system. An article from Wikipedia, the free encyclopedia.

Security information management system

The principle of security information management (SIM) is to manage the events of the information system (IS). Also called SEM (security event management), SEIM (security event information management) or SIEM (security information and event management), these systems make it possible to manage and correlate logs. The term correlation is used because these solutions include correlation engines that can link several events to a single cause.

Given the number of events generated by the components of an information system, it is difficult to process them on the fly. SIEMs provide: collection, aggregation, normalization, correlation, reporting, archiving, and replay of events. Collection: Collection can be passive, in listening mode, or active, by deploying agents directly on the equipment or remotely. Intrusion detection system. Systemd/Services. Systemd allows you to create and manage services in extremely powerful and flexible ways.

systemd/Services

This page will only cover the most basic uses; for full details, please see the systemd manual pages. As a modern service manager, systemd builds on the concepts, knowledge and experience of previous and contemporary service managers such as daemontools, runit and nosh. If you've ever used any of these, you will probably find systemd's service management features to be easy and comfortable. If your only experience is with System V init.d scripts, you may be confused at first. Init.d scripts use many ugly hacks (for example, PID files, and all of the infrastructure surrounding PID files) to work around the fundamental brokenness of sysv-rc. Unit files If you're creating a brand new unit file for your service, you must first come up with a name. Mozilla Observatory. Beyond The Security Team - Quelques digressions sous GPL. This is a keynote I gave to DevSecCon Seattle in September 2019.

Beyond The Security Team - Quelques digressions sous GPL

The recording of that keynote should be available soon. Good morning everyone, and thank you for joining us on this second day of DevSecCon. My name is Julien Vehent. I run the Firefox Operations Security team at Mozilla, where I lead a team that secures the backend services and infrastructure of Firefox. I’m also the author of Securing DevOps. This story starts a few months ago, when I am sitting in our mid-year review with management. I pull up our security metrics and give the main dashboard a quick glance before answering that, yes, I think reducing our investment in infrastructure security makes sense right now. Infrastructure security is probably where security teams all over the industry spend the majority of their time.

Up until recently, this was true for my group as well. The infrastructure certainly does continue to evolve, but operations teams have matured to the point of becoming their own security teams. Rapid Risk Assessment (RRA) We all regularly use a risk based methodology when making decisions in day to day life, without thinking about it.

Rapid Risk Assessment (RRA)

The Rapid Risk Assessment or Rapid Risk Analysis (RRA) methodology helps formalize this type of decision making and ensures that the process is reproducible, consistent and the results are easy to communicate. See also Assessing Security Risk for an introduction to risk and our processes related to risk. A typical Rapid Risk Analysis/Assessment (RRA) takes about 30 minutes. It is not a security review, a full threat-model, a vulnerability assessment, or an audit. These types of activities may however follow an RRA if deemed appropriate or necessary. The main objective of the RRA is to understand the value and impact of a service to the reputation, finances, productivity of the project or business. Note that the RRA does not focus on enumerating and analyzing security controls.

Preamble Data is the most important item in risk management. Bridgecrewio/checkov: Prevent cloud misconfigurations during build-time for Terraform, Cloudformation, Kubernetes and other infrastructure-as-code-languages with Checkov by Bridgecrew. Checkov - Open-source infrastructure-as-code static analysis tool by Bridgecrew. Introducing TerraGoat, a “vulnerable-by-design” Terraform training project - Bridgecrew. Blog - Bridgecrew. In our biggest product update yet, we’re extremely proud and excited to publicly (for everyone… As part of our mission to streamline cloud security and make it accessible to developers,… It’s been an exciting week after our big product launch on Monday which included some… We’re excited to release TerraGoat 🐐, a training project for developers to learn about how… Open source projects We’ve had an exciting month since coming out of stealth mode and announcing our new…

Blog - Bridgecrew

Introducing TerraGoat, a “vulnerable-by-design” Terraform training project - Bridgecrew. Terraform Code Reviews: Supercharged with Conftest. 10 quick wins for CISOs. "How tempting it is to raise high walls and keep out change.

10 quick wins for CISOs

Rot here in our own self-satisfied comfort.” ― Frank Herbert, Chapterhouse: Dune. Last updated 09/09/07/2020. Introduction: This article summarizes a list of tips for CISOs tweeted in July 2020. The specification I had set myself for this series was the following: