Network Access Control
November 15, 2012 Added by:Rafal Los
Configuration, Change and Release Management is crucial to being an effective information security organization in an enterprise large, or small. If you don't have a handle on the rate of change in your enterprise, you have absolutely no hope of effectively securing anything...
November 13, 2012 Added by:Paul Kenyon
NIST guidelines that were updated last mont, make multiple references to privileged users and/or administrators, who are deemed both major threat sources and enablers of risky events. When it comes to these standards, taking a least privilege approach to security is a major step towards protecting organizations...
November 12, 2012 Added by:Rainer Enders
Companies need to mobilize, that is without question -- but for too long BYOD has become nearly synonymous with this effort. In reality, BYOD is just one of the ways enterprises can mobilize, and in many cases, it is not the most secure, or necessarily the most cost-efficient way to do so...
November 08, 2012 Added by:Pete Herzog
This article will give you some ideas on how you can quickly put yourself out of a job using the Internet. If you're careful and a little lucky, you won't end up in jail either! At the very least, this article shows how doing things that are good for an office may not necessarily be good for the security of your company...
November 06, 2012 Added by:Joel Harding
I had one sysadmin a few years ago who demanded we all use 64 character passwords and every other character had to switch type. It was something like ^y?M3aI`B[a/ and so on... It took two minutes to type it in and I had to carry a paper with the password written on it. I was so glad when he left...
October 31, 2012 Added by:Rafal Los
I'm running a small experiment on myself in which I've set up an account on a public, high-traffic web-based system out there that has a ton of my personal information. I've not changed my password in almost 6 months, but I still feel relatively good and certain that I am the only one who has access to my stuff...
October 29, 2012 Added by:Rainer Enders
With the ubiquity of mobile devices, staying securely connected to work - in theory - should require nothing more than an internet connection, and seemingly everywhere you travel, whether that be in hotels, airports, or conference trade shows, offer such connections. But the reality is more complicate...
October 29, 2012 Added by:Pierluigi Paganini
The numerous attacks and data breaches occurred during the last 12 months demonstrate that despite attention to security, the principal causes of the incidents are leak of authentication processes, absence of input validation on principal applications, and of course the human factor...
October 26, 2012 Added by:Rainer Enders
For too long, IPsec struggled with a reputation of being cumbersome to implement and manage. However, even amid the harshest of its critics, its ability to secure data has rarely, if ever, come into question. Now, through advancements in the technology's infrastructure, IPsec has become easy to use...
October 24, 2012 Added by:Fergal Glynn
The connection between improved security and user education is so well-established as to be almost axiomatic. Better technology, coding practices and testing can only accomplish so much. So what’s being done about the dearth of solid user education?
October 21, 2012 Added by:Paul Kenyon
Considering most universities must accommodate a network of thousands of desktops and laptops, in addition to end-users ranging from students, developers, researchers, academics and admin staff – it’s no wonder balancing security and productivity is such a complex endeavor...
October 08, 2012 Added by:Rafal Los
What happens if you go perusing through your corporate file-share lists, applications directories and such... and find some interesting stuff that you aren't technically supposed to have access to yet the controls in place have no problem giving you permission? Does anyone notice?
October 03, 2012 Added by:Gianluca Stringhini
We need new techniques to detect and block spam. Current techniques mostly fall in two categories: content analysis and origin analysis. Content analysis techniques look at what is being sent, and typically analyze the content of an email to see if it is indicative of spam...
October 02, 2012 Added by:Patrick Oliver Graf
For a long time, hackers only targeted the IT systems of offices or individuals. This, however, has changed as the bad guys more frequently go after unconventional targets, like industrial and oil plants, refineries of all kinds, power grids or water utilities...
September 30, 2012 Added by:Rob Fuller
So it turns out that Windows Firewall talks IP addresses just like any other firewall, so if you configure FakeNetBIOSNS to tell everyone that the IP address for whatever they looked up is YOUR IP, guess what, no need to bypass the spoof filters...
September 13, 2012 Added by:Rob Fuller
List the tokens available with Incognito, your new user will be there, steal it and you're done. You now have the ability to user that account/domain token on any of the hosts you've compromised on the network, not just the ones they happen to have left themselves logged in...
Join Trend Micro & SecurityWeek in Belle... Shah Alam on 12-06-2013
Looking Beyond "Black Box Testing"... Paul Reed on 12-03-2013
Projectile Dysfunction... ryan mccarthy on 12-01-2013