What is GRSecurity

Grsecurity® is an extensive security enhancement to the Linux kernel that defends against a wide range of security threats through intelligent access control, memory corruption-based exploit prevention, and a host of other system hardening that generally require no configuration. It has been actively developed and maintained for the past 15 years. Commercial support for grsecurity is available through Open Source Security, Inc.

Continue reading “What is GRSecurity”

The Ethics of Information Security

The ethical vision of security testing constitutes rules of engagement that have to be followed by an auditor to present professional, ethical, and authorized practices.

These rules define how the testing services should be offered, how the testing should be performed, determine the legal contracts and negotiations, define the scope of testing, prepare the test plan, follow the test process, and manage a consistent reporting structure. Addressing each of these areas requires careful examination and the design of formal practices and procedures must be followed throughout the test engagement. Some examples of these rules are discussed as follows: Continue reading “The Ethics of Information Security”

How to Audit Information Security using Open Source Security tool OSSEC

OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, root-kit detection, real-time alerting and active response. It runs on most operating systems, including Linux, Mac OS, Solaris, HP-UX, AIX and Windows.

Continue reading “How to Audit Information Security using Open Source Security tool OSSEC”