SIM Solutions testing environment, e.g. Netforensics


by Mohamed Aymen SAHLI


Hi all,
In the context of the acquisition of a SIM solution, NetForensics, I will
have to put in place a realistic testing environment where I will be
simulating the life cycle of the SIM integration, configuration and
day-to-day inherited tasks.
I will be simulating attacks along with daily network and system
activity in order to generate feeds to the SIM.
My question is: where do I start to put in place such an environment?
Are there examples?
PS: I will be using virtualisation for sure, as I don't really have the
hardware for a physical testing network.
All suggestions would be greatly appreciated.
Best regards.

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


Re: SIM Solutions testing environment, e.g. Netforensics

by Nikhil Wagholikar

Hi Mohamed Aymen Sahli,

Here are some ideas you may like to try:

1. Enable logging on one or two test/sample systems such as Active
Directory, email server, database server etc. and see whether your
NetForensics SIM is working fine and according to your expectations
and needs.

2. For testing attacks, you can run tools like Nmap and Nessus (with
the denial of service plug-ins ON) against these test systems and
check whether your SIM can detect and report these attacks as
configured.

3. Maybe on a broader scale, you can think of conducting a small-scale
penetration testing exercise too and check the effectiveness of the
SIM.

4. Else, you can conduct a third-party (operational) audit of your SIM
installation.

Hope this helps!

---
Nikhil Wagholikar
Practice Lead | Security Assessments & Digital Forensics
Network Intelligence India Pvt. Ltd. [NII Consulting]
Web: http://www.niiconsulting.com/
Comprehensive Information Security Training
http://iisecurity.in/courses/Training%20Calendar.html

2009/10/10 Mohamed Aymen SAHLI <sahli.aymen@...>

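To get feeds flowing into the lab SIM before any real devices are connected, the script below generates a synthetic syslog stream: a baseline of ordinary host activity plus the two attack patterns Nikhil suggests replaying (a port scan and a password brute force), sent to a collector over UDP syslog. This is an added example, not code from the thread or from netForensics. The collector address, host names and IP addresses are assumptions for a lab (documentation ranges), and the message bodies are constructed approximations of OpenSSH and iptables output, not captured logs. Replace COLLECTOR with your SIM collector, then compare what the SIM shows against the count and content of what was sent.

```python
"""Synthetic syslog feed for a SIM/SIEM test lab (added example, not from the thread).

Builds RFC 3164-style lines for a baseline of ordinary host activity plus two
attack patterns (port scan, SSH brute force) and sends them to a collector over
UDP syslog. Hosts, addresses and the collector endpoint are lab assumptions;
message bodies are constructed approximations of OpenSSH and iptables output.
"""
import random
import socket
import time
from datetime import datetime

# RFC 3164 facility and severity codes; PRI = facility * 8 + severity.
FACILITY = {"kern": 0, "auth": 4, "cron": 9}
SEVERITY = {"warning": 4, "notice": 5, "info": 6}

COLLECTOR = ("192.0.2.10", 514)  # assumed lab SIM collector (documentation range)


def pri(facility, severity):
    return FACILITY[facility] * 8 + SEVERITY[severity]


def syslog_line(facility, severity, host, tag, msg, when=None, pid=None):
    """Format one message as <PRI>Mmm dd HH:MM:SS host tag[pid]: msg.

    The day of month is space-padded to two characters, as RFC 3164 requires."""
    when = when or datetime.now()
    stamp = f"{when:%b} {when.day:2d} {when:%H:%M:%S}"
    ident = f"{tag}[{pid}]" if pid is not None else tag
    return f"<{pri(facility, severity)}>{stamp} {host} {ident}: {msg}"


def baseline_events(hosts, count, rng, when=None):
    """Ordinary activity: successful SSH logins and cron jobs across hosts."""
    lines = []
    for _ in range(count):
        host = rng.choice(hosts)
        pid = rng.randint(1000, 9999)
        if rng.random() < 0.7:
            user = rng.choice(["backup", "deploy", "www"])
            msg = (f"Accepted publickey for {user} from 192.0.2.{rng.randint(20, 40)} "
                   f"port {rng.randint(40000, 60000)} ssh2")
            lines.append(syslog_line("auth", "info", host, "sshd", msg, when, pid))
        else:
            msg = "(root) CMD (/usr/sbin/logrotate /etc/logrotate.conf)"
            lines.append(syslog_line("cron", "info", host, "CRON", msg, when, pid))
    return lines


def port_scan_events(attacker, target_host, target_ip, ports, when=None):
    """One firewall DROP line per probed port, as a host firewall logs a SYN scan."""
    return [
        syslog_line("kern", "warning", target_host, "kernel",
                    f"FW-DROP IN=eth0 SRC={attacker} DST={target_ip} PROTO=TCP "
                    f"SPT=44321 DPT={port} SYN", when)
        for port in ports
    ]


def brute_force_events(attacker, target_host, attempts, user="root", when=None):
    """Repeated failed password logins from one source, as sshd logs them."""
    return [
        syslog_line("auth", "info", target_host, "sshd",
                    f"Failed password for {user} from {attacker} port {40000 + i} ssh2",
                    when, 5000 + i)
        for i in range(attempts)
    ]


def build_scenario(seed=1, when=None):
    """Deterministic feed: 20 baseline events, a 10-port scan, 8 failed logins."""
    rng = random.Random(seed)
    feed = baseline_events(["dc01", "web01", "db01"], 20, rng, when)
    feed += port_scan_events("198.51.100.7", "web01", "192.0.2.31", range(20, 30), when)
    feed += brute_force_events("198.51.100.7", "web01", 8, when=when)
    return feed


def send(lines, collector=COLLECTOR, per_second=50):
    """Send each line as one UDP datagram; returns the number sent."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        for line in lines:
            sock.sendto(line.encode("utf-8"), collector)
            time.sleep(1.0 / per_second)
    finally:
        sock.close()
    return len(lines)


if __name__ == "__main__":
    print(f"sent {send(build_scenario())} events to {COLLECTOR[0]}:{COLLECTOR[1]}")
```

Because build_scenario() is seeded, the same feed can be replayed unchanged after a rule or syslog-level change, which is what makes a before/after comparison on the SIM side meaningful. At 50 events per second the burst is far too small to say anything about collector capacity; raise per_second and the event counts in a separate run when the point is load rather than detection.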


Re: SIM Solutions testing environment, e.g. Netforensics

by aditya mukadam

Hello,

As I understand, you would want to simulate the life cycle for SIM
integration, configuration and day-to-day tasks. You will have to look
at the below to start with:

Integration Phase:
1) Identify the devices which you want to integrate with the SIM.
   Action Item: Note the number of devices. Also check if you have
   enough licenses for that many devices.
2) Make sure these identified devices have a Netforensics Agent (collector).
   Action Item: Check with the SIM vendor about the available
   Agents (collectors).
3) Netforensics components like Agent, Engine, Master etc. work on specific ports.
   Action Item: Identify if you need to open these protocols/ports on
   networking devices like firewalls etc. for the SIM to function correctly.
4) SIM vendors would have recommendations on the syslog level to be
   configured on the devices.
   Action Item: Make sure the syslog configuration on the identified
   devices is set correctly as per the recommendations of the SIM vendor.
5) Please make sure you understand the functionality of each SIM
   component and plan the architecture of these components accordingly.

Configuration Phase:
1) Identify the types of attacks you expect to identify or need to be compliant with.
   Action Item: Please visit the built-in attack rules. Configure
   additional correlation rules if needed.
2) You need to make sure that you have configured the alerting mechanism.
   Action Item: Configure/test the alerting mechanism.
3) Make sure your components will be able to handle the expected load.

Day-to-Day Phase :-)
1) You will need to perform fine tuning of your SIM environment based
   on the real-time traffic trends etc.
   Action Item: This is important. You will need to tweak certain
   rules and the syslog level based on your requirements.
2) Monitoring the devices which do not report to the SIM Agent/Collector.
   Action Item: I don't think Netforensics has an alerting mechanism to
   inform you when a device has stopped reporting to the SIM
   environment. You will need to have some manual process to cover this part.
3) Monitor the correlation event generation.
   Action Item: If you feel you are not receiving certain alerts you
   expect to, you will need to modify the correlation rules.
4) Regular updating/patching of the signatures released by the SIM vendor.
   Action Item: SIM vendors keep on releasing patches/signatures. You
   would need to make sure you have a process for updating these.
5) Make sure you have support when in trouble.
   Action Item: Call the SIM vendor support a couple of times with
   issues to gain confidence and understand what they need to open
   support cases. This will save time when you have a critical issue.

Hope this helps. Let me know if you have any questions.

Thanks,
Aditya Govind Mukadam
http://www.linkedin.com/in/adityamukadam




On Sat, Oct 10, 2009 at 10:56 AM, Mohamed Aymen SAHLI
<sahli.aymen@...> wrote:

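Two of the day-to-day items in the post above have no built-in answer in the product as Aditya describes it: noticing that a device has stopped reporting, and confirming that a correlation rule actually fires on the traffic you expect. A lab needs an independent check to compare the SIM's output against, so the following is an added example written in plain Python, not code from the thread and not netForensics rule syntax. It parses RFC 3164 syslog lines, lists sources that have gone silent, and applies a sliding-window brute-force rule. The sample log lines are constructed for the example, the host names and addresses are assumptions, and the year is assumed because RFC 3164 timestamps carry none.

```python
"""Independent checks to compare a lab SIM's output against (added example, not
from the thread and not netForensics rule syntax).

Parses RFC 3164 syslog lines, then (1) lists log sources that have gone silent,
which the thread says the product does not alert on, and (2) applies a
sliding-window correlation rule for SSH password brute force. Sample lines,
host names and addresses are constructed for this example.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

YEAR = 2009  # assumed: RFC 3164 timestamps carry no year

SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<tag>[^:\[\s]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?P<msg>.*)$"
)
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

# Constructed sample: three sources reporting, db01 falls silent, and
# 198.51.100.7 hammers web01 with six failed root logins in 23 seconds.
SAMPLE_LOG = """\
<38>Oct 15 10:00:01 dc01 sshd[2210]: Accepted publickey for backup from 192.0.2.20 port 50122 ssh2
<38>Oct 15 10:00:05 web01 sshd[4100]: Accepted password for www from 192.0.2.31 port 50200 ssh2
<78>Oct 15 10:01:00 db01 CRON[3001]: (oracle) CMD (/opt/oracle/bin/rman_backup.sh)
<38>Oct 15 10:02:10 web01 sshd[4121]: Failed password for root from 198.51.100.7 port 41001 ssh2
<38>Oct 15 10:02:14 web01 sshd[4123]: Failed password for root from 198.51.100.7 port 41002 ssh2
<38>Oct 15 10:02:19 web01 sshd[4125]: Failed password for root from 198.51.100.7 port 41003 ssh2
<38>Oct 15 10:02:23 web01 sshd[4127]: Failed password for root from 198.51.100.7 port 41004 ssh2
<38>Oct 15 10:02:28 web01 sshd[4129]: Failed password for root from 198.51.100.7 port 41005 ssh2
<38>Oct 15 10:02:33 web01 sshd[4131]: Failed password for root from 198.51.100.7 port 41006 ssh2
<38>Oct 15 10:20:00 web01 sshd[4200]: Accepted publickey for deploy from 192.0.2.31 port 50300 ssh2
<38>Oct 15 10:21:00 dc01 sshd[2300]: Accepted publickey for backup from 192.0.2.20 port 50150 ssh2
"""


def parse(line):
    """Return a dict for one syslog line, or None if it does not match."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m["pri"])
    ts = datetime.strptime(f"{YEAR} {m['ts'].replace('  ', ' ')}", "%Y %b %d %H:%M:%S")
    return {"facility": pri // 8, "severity": pri % 8, "ts": ts,
            "host": m["host"], "tag": m["tag"], "msg": m["msg"]}


def parse_log(text):
    return [e for e in (parse(l) for l in text.splitlines()) if e]


def silent_sources(events, now, max_gap=timedelta(minutes=15)):
    """{host: last_seen} for every source whose newest event is older than max_gap."""
    last = {}
    for e in events:
        if e["host"] not in last or e["ts"] > last[e["host"]]:
            last[e["host"]] = e["ts"]
    return {h: t for h, t in last.items() if now - t > max_gap}


def brute_force_alerts(events, threshold=5, window=timedelta(minutes=2)):
    """Alert once per (source, target) when >= threshold failed SSH logins
    fall within a sliding window; later hits on an already-alerted pair are
    suppressed so the count can be compared with the SIM's own deduplication."""
    recent = defaultdict(deque)
    alerted = set()
    alerts = []
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["tag"] != "sshd":
            continue
        m = FAILED_RE.search(e["msg"])
        if not m:
            continue
        key = (m.group(1), e["host"])
        q = recent[key]
        q.append(e["ts"])
        while e["ts"] - q[0] > window:   # drop attempts that left the window
            q.popleft()
        if len(q) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append({"source": key[0], "target": key[1], "count": len(q),
                           "first": q[0], "last": e["ts"]})
    return alerts


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    now = datetime(YEAR, 10, 15, 10, 22, 0)  # assumed wall clock for the check
    for host, seen in silent_sources(events, now).items():
        print(f"SILENT {host}: last event {seen:%H:%M:%S}")
    for a in brute_force_alerts(events):
        print(f"ALERT brute force {a['source']} -> {a['target']}: "
              f"{a['count']} failures between {a['first']:%H:%M:%S} and {a['last']:%H:%M:%S}")
```

Run the same feed through the SIM and through this script: if the script flags db01 as silent and raises one brute-force alert on the fifth failure, the SIM should show the equivalent, and any difference points at a collector that is not forwarding, a rule threshold or window that does not match what you think you configured, or the product's deduplication folding repeats. The threshold and window are deliberately the same knobs a SIM rule exposes, so tuning them here first gives you an expected answer before you touch the product's rule editor.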


Re: SIM Solutions testing environment, e.g. Netforensics

by Gleb Paharenko-3

Hi, all.

Aditya has a very good and systematic approach.
My addition is: make sure that you have checked
backup/archiving/restoring of logs and carefully planned
storage/capacity/log retention policies.
Also take Netforensics with an Oracle Enterprise license (the partitioning
feature is a must for SIMs).

In case you're going to audit database events, it is also worth checking
that, as usually for SIMs this is a pain due to performance penalties and
other restrictions in databases.

2009/10/15 aditya mukadam <aditya.mukadam@...>:



--
Best regards.
Gleb Pakharenko.
http://gpaharenko.livejournal.com
http://www.linkedin.com/in/gpaharenko
+380503116172
