Below is the list of blog posts with the “security” tag.
May 9, 2023
BROP attacks - What is it and how to defend yourself?
Have you ever locked yourself out of your car? After calling for roadside service, your tow truck driver forces the internal locking mechanism open with a slim-jim. Car thieves quickly discovered this technique and began using it to steal cars. Digital thieves have devised a similar attack called a Blind Return-Oriented Programming (Blind ROP, or just BROP) attack. It’s as quiet as a jackhammer on cement, but an attacker can open a remote shell and gain remote code execution on your server if the conditions are right.
May 2, 2023
CISO starter pack - Security Policy
The three characteristics your data must possess at all times, as dictated by your IT Security Policy, are:
It must be confidential
It must be available and
It must not have any unauthorized modifications
Your log policy will only be as good as the IT Security policy infrastructure behind it. And as much as we love talking about logs, that’s part of a more considerable general discussion about security policies.
April 3, 2023
CISO starter pack - Log collection fundamentals
Log collection is essential to managing an IT department because it allows administrators to research historical events throughout a network. Therefore, it’s critical to understand a few key points about collecting logs: the why and the what. We’ll look at a few specific examples of collecting log events efficiently, like incorporating threat modeling to enhance our collection. Implementing log collection policies and procedures is as fun as watching anti-phishing videos. But at the end of the day, the effort put in at the beginning will be worth it.
November 22, 2022
The EU's response to cyberwarfare
With open war in Europe for the first time since 1945, nations across the continent have been busy shoring up their information security defenses. The European Union is stepping up to the plate, releasing a Cyber Defence Policy to, in its words, "boost EU cyber defence capabilities and strengthen coordination and cooperation between the military and civilian cyber communities."
However, bolstering cyber defenses across a collection of countries, home to 450 million people and spanning four million square kilometers, is no easy feat.
November 8, 2022
Looking beyond Cybersecurity Awareness Month
Cybersecurity Awareness Month has come and gone again. October marks that festive time of year when companies circulate their mandatory think pieces, remind their employees of the dangers of clicking questionable links, and pat themselves on the back and call it a day. Here’s your friendly November reminder to keep your wits about you year-round.
A (brief) history of Cybersecurity Awareness Month
The Cybersecurity Awareness Month story began as a partnership between an American governmental agency, the Cybersecurity and Infrastructure Agency (CISA), and the National Cyber Security Alliance non-profit.
August 10, 2022
NXLog in an industrial control security context
Industrial Control Systems (ICS) have evolved over the years and now have a lot in common with traditional IT systems. Low-cost Ethernet and IP devices are replacing older, proprietary technology, which opens up new possibilities to improve connectivity and remote access. However, it also increases vulnerability to cyberattacks and incidents since the system is no longer segregated. Due to the nature of ICS, they differ from other IT systems. A compromised system can cause severe damage to the environment, incur substantial financial and production losses, and negatively impact an entire nation.
August 3, 2022
Send email alerts from NXLog using Python, Perl, or Ruby
NXLog is a versatile log collector that easily integrates with other software, platforms, and programming languages. Out-of-the-box it supports integration with many third-party solutions through its input, output, and extension modules. Moreover, extending NXLog with custom functionality is as easy as writing an application or script in your favorite programming language and loading it from the configuration.
Email notifications of events indicating potential security breaches or severe application errors are a standard procedure for IT admins and DevOps engineers.
June 28, 2022
Security logging on Windows - beyond 4625
As a security administrator, you may be inclined to focus on the Windows Security log within Windows Event Log. You might even go as far as filtering for specific event IDs, such as EventID 4625 (failed logon request), while forgetting there is much more to security logging on Windows than this single log source.
The consequence of this narrow field of view is that you are not benefiting from the valuable information that other Event IDs used for security audit policies can offer.
March 3, 2022
Cyberattacks on the power grid - are you prepared?
In light of recent news stories about possible cyberattacks on the U.S. power grid, we are inclined to ponder over precautions we can take to prepare for such a scenario. If you are in the public utilities industry, this blog post is for you. But, if you’re not, don’t worry. We will cover some basic principles you can follow to get your organization ready before such a cyberattack occurs.
February 3, 2022
How to prevent and detect Log4j vulnerabilities
The Apache Log4j vulnerability has attracted a lot of media attention as a result of recent security incidents that were reported by some organizations using versions 2.0-beta9 through 2.14.1. This security flaw has the potential to affect thousands of applications since some of the world’s largest databases rely on Log4j.
Because so many organizations are affected, cybercriminals are actively exploiting this well-known vulnerability.
Why is this so dangerous? In addition to the threat of malware and ransomware, hackers can also perform remote code execution due to the Log4j vulnerability.
October 11, 2021
Collecting DHCP server logs on Windows
DHCP server log collection made simple
DHCP (Dynamic Host Configuration Protocol) is a network management protocol that dynamically assigns IP addresses to each client machine on your network. However, its importance does not stop there. DHCP can even generate numerous critical events that indicate your network’s security has been compromised.
You might then wonder how you can use these events to safeguard your organization from intrusion. Well, these event logs store valuable information that contains the ID and IP address associated with each client.
September 6, 2021
Collecting Kubernetes logs with NXLog
Kubernetes is nowadays the de facto standard for the deployment and management of containerized applications. A Kubernetes deployment may contain hundreds, if not thousands, of nodes and pods. As with any other system, collecting logs from your Kubernetes environment is imperative to monitor the health of your cluster and to troubleshoot issues when they arise. In this post we will explore the logging challenges that Kubernetes poses, and how NXLog can be a key player in your logging solution.
August 25, 2021
File-based logs? Yes, they’re still being used!
File-based logs are where it all began. These logs can yield information of great value to security analysts and administrators alike. Armed with this information, IT professionals are better equipped to troubleshoot issues, evaluate system performance, identify bugs, and even detect security breaches.
In today’s world, we tend to focus on the modern, integrated logging facilities like Microsoft’s Windows Event Log or Apple’s Unified Logging System (ULS). However, all the major operating systems still generate log files that may or may not be integrated into these logging facilities.
July 15, 2021
Top 5 Windows Security logs everyone should collect
It goes without saying that across your business infrastructure, there should be a commitment to protect not only the hardware and software assets, but the plethora of data that is transmitted through and stored in it. However, to successfully safeguard such data, it is imperative to have an effective audit policy in place that includes the collection of security events as its essential component.
Windows provides a wealth of security logs that are visible in the built-in Security channel of Event Viewer.
July 1, 2021
Top 5 security concerns revealed with DNS logging
The Domain Name System (DNS) facilitates communication between all devices connected to the Internet. It consists of hierarchical servers that can translate any given hostname, along with its corresponding domain name, to its internet protocol (IP) address(es). One of the most common is the Windows DNS server, which ensures that data requests are sent to their correct endpoints while providing human-readable addresses for websites connected to the Internet. With the ever-growing number of cloud-based devices and technologies, for instance the Internet of Things (IoT), portals, web applications, and online transaction processing, it is more important than ever to identify the actual physical addresses of remote devices when relying on DNS-dependent connectivity.
January 13, 2021
NXLog Containers were certified by Red Hat
Applications are getting more and more complex. The demand to develop them faster is ever-increasing. This puts stress on organizations’ processes, infrastructure, and the IT teams that support them.
Modern container technology helps to alleviate issues faster across multiple environments. Linux containers are another evolutionary leap in how applications are developed, deployed, and managed. These containers are based on stable Red Hat Enterprise Linux images that have no adverse effects on your current IT infrastructure.
May 31, 2020
DNS Log Collection - Part 1
DNS Log Collection and Parsing
DNS log collection and parsing should be part of the log collection strategy of every modern IT infrastructure. There are numerous reasons why you should be concerned enough to collect as well as parse the DNS logs collected, some of which include:
Operations and Support
Parsing DNS server logs can be used to track active DNS clients, while parsing complex and noisy logs can be helpful in troubleshooting support issues.
May 28, 2020
DNS Log Collection - Part 2
Be sure to read Part 1 and Part 3 of our DNS Log Collection series, in case you missed them.
DNS Log Collection on Windows
If you need to reduce the cost of DNS security and increase efficiency through centralizing DNS log collection, where would you start? Answering this question requires knowledge and awareness of the challenges and opportunities available on the Windows platform. While Windows DNS server is a common technology serving many types of organizations, from local domains to large multi-site enterprises, the possibilities are not necessarily that well-known within the context of comprehensive, site-wide log collection.
May 14, 2020
DNS Log Collection - Part 3
Be sure to read Part 1 and Part 2 of our series in case you missed them.
DNS Log Collection on Linux
In the third, closing part of our series on DNS log collection, we discuss DNS logging on Linux using open source software. From the numerous open source DNS server implementations available, we tried to include the more popular ones and summarized what is involved in collecting logs from them.
February 3, 2020
Insufficient logging and monitoring, TOP 10 security risk
"The OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications."
In this article, these top security risks are discussed in the context of log collection.
OWASP API Security Top 10: the most critical API security risks
APIs are a critical part of modern technologies - from SaaS and web consumer applications to enterprise deployments.
January 24, 2020
What is File Integrity Monitoring (FIM)? Why do you need it?
About File Integrity Monitoring (FIM)
File integrity monitoring is implemented as a detection mechanism to monitor changes to important files and folders. File integrity monitoring is largely used as a security measure for detection and for meeting obligations such as compliance. Because it tracks activity on the monitored assets and provides the data needed for alerts, such as on potential unauthorized changes, file integrity monitoring enables better control measures to be taken.