ORDELL: Get the keys. Listen to the music.
LOUIS: Which one’s for the car?
(Ordell finds it. If you look at the keys, Vicky goes back to the line)
(Max talks to him when he fills out the paperwork).
(holding the key)
It’s for the ignition…
(with a little black box in hand)
…but you have to press this thing to disable the alarm and unlock the door.
LOUIS: What do you want me to do?
ORDELL: You don’t have to do anything. Just point it out and press the button. You’ll hear the car beep. This means that the alarm is deactivated and the doors are open.
LOUIS: Okay. Okay. Okay, okay.
ORDELL: Now, play as hard as you like, but don’t touch my levels. I’ll set it up any way I want.
(Louis nods his head and walks out.)
Is it Jackie Brown or Tripwire?
Actually, it’s both. It’s an impressive scene from Jackie Brown that shows what Tripwire wants to ensure: that the golden image is backed by secure configuration management.
But how do you know if it has changed?
Implementing secure configuration management
In SP 800-128, the National Institute of Standards and Technology (NIST) defines Security Configuration Management (SCM) as the management and control of information system configurations to ensure security and facilitate risk management.
Attackers look for systems whose default settings leave them vulnerable. As soon as an attacker has compromised a system, they start making changes.
SCM can help prevent this type of malicious activity. It does so not only by identifying incorrect settings that make your systems vulnerable, but also by identifying unusual changes to important files or registry keys.
That’s why Ordell didn’t want Louis to touch his dials, but how could he be sure?
As new zero-day threats are detected almost daily, signature-based protection is simply not enough to detect complex and sophisticated threats.
To detect a breach early, organizations must not only understand what is changing on critical systems, but also be able to identify unwanted changes.
SCM tools enable organizations to determine exactly what changes occur over time in their critical resources.
Tripwire is capable of this:
- Installation policy – defines which files should be checked on which devices.
- Baseline files – ensures that the files you review are in a known good condition.
- Monitoring and synchronization of changes – On a normal day, you can see hundreds of file changes on a system. It is very important to tell the good changes from the bad.
- Warning – when unauthorized changes are detected, focus on the highest priority warnings and take corrective action before further damage occurs.
- Reporting – File integrity monitoring (FIM) is required for several areas of compliance and most other standards. Clear and detailed reporting is important for both business processes and compliance with audit rules.
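The policy, baseline, change reconciliation and prioritized alerting steps in the list above can be sketched in a few lines of Python. This is an added example, not Tripwire's code: the policy globs, severity names, file names and the approved-change "ticket" set are all assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Hypothetical policy: which files to watch (glob under root) and how urgent a change is.
POLICY = {"etc/*.conf": "high", "app/*.ini": "medium"}
RANK = {"high": 0, "medium": 1}

def snapshot(root, policy=POLICY):
    """Baseline step: map each monitored relative path to (sha256, severity)."""
    state = {}
    for pattern, severity in policy.items():
        for path in sorted(Path(root).glob(pattern)):
            if path.is_file():
                digest = hashlib.sha256(path.read_bytes()).hexdigest()
                state[path.relative_to(root).as_posix()] = (digest, severity)
    return state

def detect_changes(baseline, current, approved=frozenset()):
    """Unauthorized changes as (severity, kind, path), highest priority first."""
    alerts = []
    for path in baseline.keys() | current.keys():
        old, new = baseline.get(path), current.get(path)
        if old and new and old[0] == new[0]:
            continue  # unchanged since the baseline
        if new and (path, new[0]) in approved:
            continue  # content matches an approved change: reconciled, no alert
        kind = "added" if old is None else "removed" if new is None else "modified"
        alerts.append(((new or old)[1], kind, path))
    return sorted(alerts, key=lambda a: (RANK[a[0]], a[2]))

def demo():
    """Constructed scenario: one approved edit, one unapproved edit, one new file."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "app").mkdir()
        (root / "etc/sshd.conf").write_bytes(b"PermitRootLogin no\n")
        (root / "app/levels.ini").write_bytes(b"volume=5\n")
        baseline = snapshot(root)
        (root / "etc/sshd.conf").write_bytes(b"PermitRootLogin yes\n")  # unapproved
        (root / "app/levels.ini").write_bytes(b"volume=7\n")  # approved by ticket
        (root / "etc/extra.conf").write_bytes(b"listen=0.0.0.0\n")  # unexpected file
        ticket = {("app/levels.ini", hashlib.sha256(b"volume=7\n").hexdigest())}
        return detect_changes(baseline, snapshot(root), ticket)

if __name__ == "__main__":
    for alert in demo():
        print(*alert)
```

Approving a change by its expected hash, rather than by path alone, means an edit to an approved file that produces different content than the ticket describes still raises an alert.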
SCM in a nutshell
By configuring a gold standard for their systems and continuously monitoring for indicators of compromise, organizations can quickly identify breaches.
Early detection of a breach helps to limit the damage of one or more attacks.
By using SCM to implement a company hardening standard such as CIS, NIST or ISO 27001, or compliance standards such as PCI, SOX or HIPAA, systems can be continuously hardened to reduce the attack surface.
And hardened systems, i.e. a secure baseline, give more confidence that the bad guys will not be able to carry out a successful attack.
If those dials had been under Tripwire and had changed, Ordell would have known sooner and could have taken action.