IT Security

  • Physical access restricted to those whose job responsibilities require them to maintain the equipment or infrastructure of the room.
    • Controlled by a strong authentication method, such as an electronic combination lock, a badge reader, a fingerprint reader, or other biometric scanning device. Lock combinations should be changed on a regular basis.
  • Doors: fireproof and secured with deadbolt-type locks that can’t be easily picked.
  • Keys to server room doors - both electronic and traditional - should be numbered and the whereabouts of each copy logged.
    • Traditional keys should be marked “Do not duplicate” and electronic keys should be copy protected.
  • No windows through which a person could gain access. If there are windows, they should be bulletproof/shatterproof, and/or protected by metal grates to prevent access if broken.
  • Monitored by CCTV or IP cameras 24/7.
  • Redundant power sources, such as a generator, to power electronic locks and authentication systems in case of a power failure or outage.
  • Server rooms and IT equipment rooms should not double as office space or storage space or any other shared purpose.
  • A complete inventory of server room and IT network room equipment, including brands, models, serial numbers, and physical descriptions, should be compiled and kept up to date.
  • A system for securely disposing of unwanted discs, tapes, cards, hard drives, printed paper, and anything else that could contain confidential information should be implemented.

A management system to establish, implement, operate, monitor, review, maintain and improve information security (ISO definition).

  • ISO 27000
    • ISO 27001
    • ISO 27002
    • ISO 27003
    • ISO 27004
    • ISO 27005
    • ISO 27006
    • ISO 27007
    • ISO 27014
    • ISO 27015
  • PCI DSS
  • NIST:
    • Special Publication 800‐53
    • Cybersecurity Framework

Name | Purpose
LOKI | Simple IoC client/server scanner with custom signatures, written in Python
YARA | Pattern matching for malware research

Magento Scanner: MageReport
  • Last modified: 2024-07-05 14:31