Questions tagged [operations]

14 questions
27 votes, 1 answer

What questions should be asked when joining a new security team?

I've accepted a position at a different company working on their security team and have been mentally putting together a list of questions to ask so I can rapidly get up to speed in the environment and start gathering ideas about things to…
bobmagoo • 434 • 4 • 11
13 votes, 1 answer

WAF Process Creation for Integration of IT and Business

A client has asked me to help them out with their WAF processes. Currently they have a few critical web applications being protected by a couple of WAFs. I have managed to get the WAFs tuned and ready for production. The company is fairly large and…
Lex • 4,247 • 4 • 19 • 27
11 votes, 3 answers

Disable USB keyboard pluggability on MacBook

I'm concerned about USB devices being physically attached to my MacBook laptop when I am about to unlock my computer or while my computer is unlocked. My threat model involves an attacker who is willing to spend about $200 to gain access to my…
dionyziz • 213 • 1 • 7
11 votes, 3 answers

Is it insecure to have an SSH server on a workstation?

I know one systems administrator who runs SSH Server on his workstation to push files to it and check things from a phone but I think it is a bad idea for several reasons: An operations workstation is a sweet spot for the adversary. Once she is in,…
7 votes, 1 answer

Security Operations Center (SOC)

I am looking for resources and details on establishing a security operations center (SOC) or network operations center (NOC) based on ITIL or any other applicable regulations. Where can I find good details or experiences of others except for hiring…
Yasser Sobhdel • 309 • 1 • 8
7 votes, 4 answers

Firewall Reviews - What is in your Toolbox?

In the vein of the questions about forensics, I'd be interested to hear what tools/techniques people use on Firewall reviews, both in terms of periodic reviews as an auditor or consultant, or maintaining firewall rulesets on the operational IT side…
Rory McCune • 60,923 • 14 • 136 • 217
6 votes, 3 answers

Security Architecture - Settings to drive UI and Privileges (Rights) - Role-Based, per User-Account

How do large companies implement their security requirements which are centralized and used to drive things people can do (allowed to call a certain web-service, submit an order, etc.) as well as to drive UI (disable buttons, menu options,…
Leon • 163 • 4
5 votes, 1 answer

Security in automated systems using Puppet and Chef

In an extremely interesting presentation at Puppet Camp London, Tomas Doran suggested a pretty radical approach for keeping everything automated by managing tons of Docker containers with Puppet. As a security-conscious person, I like the idea of…
Naftuli Kay • 6,715 • 9 • 47 • 75
3 votes, 1 answer

How many people are required to build your own 24x7 security operations center (SOC)? Rough costs?

I have received this question from a few clients, but I have 0 experience building a 24x7 SOC.
Tate Hansen • 13,714 • 3 • 40 • 83
3 votes, 1 answer

Is there a difference between "Maximum Tolerable Downtime" and "Maximum Allowed Downtime"?

I'm studying for the CCSP exam and one of the BC/DR terms that is referenced in my study material is "Maximum Allowable Downtime". The definition for it is: MAD (Maximum Allowable Downtime) How long it would take for an interruption in service to…
Mike B • 3,336 • 4 • 29 • 39
1 vote, 3 answers

Is penetration testing included in the job of a NOC?

I was researching which job positions are related to ethical hacking. I found something like SOC and NOC, but I got a little bit confused. I know SOC tier 1 does programming tasks and information gathering, tier 2 is the same as tier 1, but a…
user160223
0 votes, 1 answer

Security management and security engineering difference

Is there a difference between "security management" and "security engineering"? I read about security engineering in some places and security management in others, but I really can't find what the difference is between those.
mehran • 1
0 votes, 0 answers

Devs running IDEs remotely: risks and how to remediate

I have a few developers who - well, let's just say I don't have much faith in their operational security. Time was, in the pre-COVID world, it was well understood that they didn't run IDEs directly off their laptops. That seems to have changed. …
D0gfather • 71 • 4
0 votes, 2 answers

Do any open-source firewalls support remote management?

Remote management is essential if you have to run more than three network devices, and is supported by all commercial firewall products. For example: Palo Alto Networks: In addition to control and security capability, our next-generation …
Dave • 105 • 4