Blog Posts Tagged with "Administration"

Hooray! An Open-Source Password Analyzer Tool...

June 08, 2012 Added by: Brent Huston

The time it takes to crack a password is the only true measure of its worth. Morris has created a tool for administrators that allows them to configure a password policy based on the time to crack, the possible technology that an attacker might be using, and the password protection technology in use...

Comments  (0)

Separation of Duties for System Administrators

January 09, 2012 Added by: Rafal Los

How do our organizations treat administrators (more specifically highly privileged users) when they are removed from active duty? It seems that in large organizations the issue is easier to at least draw a line around than in smaller orgs - but the problems remain...

Comments  (1)

Using Trust Maps to Manage Critical Systems

August 04, 2011 Added by: Brent Huston

The purpose of a trust map is to graphically demonstrate trust between components of your organization. It is a graphic of how authentication occurs, what systems share accounts and what systems trust other systems in an environment. Done properly, they become a powerful tool with a real payoff...

Comments  (0)

Dumping Hashes on Win2k8 R2 x64 with Metasploit

June 01, 2011 Added by: Rob Fuller

When trying to dump password hashes on a Windows 2008 R2 64 bit box I constantly run into the "The parameter is incorrect" error in Meterpreter. Well, with a bit of migration you'll be back to passing the hash. Here is how, with a bit of the thought process first...

Comments  (0)

Information Security Policies and Procedures Part 5

May 16, 2011 Added by: Alex Hamerstone

The purpose section should include information about why the policy is necessary. You may also wish to add some information about how the issue was dealt with historically. It is also a great place to reiterate some company values. An example is “To ensure compliance with...”

Comments  (1)

Information Security Policies and Procedures Part 4

May 09, 2011 Added by: Alex Hamerstone

The formatting and structure of documentation is not the most enthralling topic. It is however one of the most important elements of effective documentation. Delivering information in a clear and consistent way is essential to ensure documents are easy to use and effective...

Comments  (0)

Information Security Policies and Procedures Part 2

May 03, 2011 Added by: Alex Hamerstone

As far as information security, every organization will have a unique set of foundational policies. Although there will be many that are common to all organizations, the unique qualities of each organization call for custom policies. How then, do we determine what basic policies we need?

Comments  (0)

Rogue Admins Allow Games on Company Servers

April 19, 2011 Added by: Bill Gerneglia

A sizable number of comments took the line that playing games on corporate systems was either beneficial to the company or caused no significant harm. One agreed with an IT professional quoted in the story, who said that gaming helps IT employees “stay sharp”...

Comments  (1)

Building More Secure Passwords

April 07, 2011 Added by: Global Knowledge

As users have to create several passwords for different systems and change them every 60 or 90 days, it’s little wonder they default to the least complicated password their systems allow and make only minor variations when forced to change them. Unfortunately, such passwords are easy to guess...

Comments  (1)

How Accurate is Your Software Vulnerability Scanner?

April 05, 2011 Added by: Jamie Adams

System admins must take into account all methods in which software may get installed onto systems. A strong change management program and strict access is required. Unfortunately, I have yet to experience an all-encompassing software version scanner and patch management tool...

Comments  (2)

The WebSocket Protocol: Past Travails To Be Avoided

March 24, 2011 Added by: Robert Gezelter

The WebSocket protocol is a new facility, originally conceived as part of the HTML5 effort. Together with its applications programming interface (API), the WebSocket protocol provides a standard framework for ongoing communications between web clients and servers...

Comments  (0)

Five Security Secrets Network Administrators Keep Quiet

March 22, 2011 Added by: Headlines

Network administrators may be conducting their own personal risk assessments in the course of their daily duties. They may be weighing factors such as performance pay incentives, the thoroughness of security audits, and time constraints when deciding what is or is not a priority...

Comments  (0)

Information Security Policies and Procedures Part 1

March 04, 2011 Added by: Alex Hamerstone

It is important to note that certain policies may be confidential according to an asset classification program. A Network Security Policy delineating requirements for protections such as connection restrictions or intrusion protection and detection may be valuable for an attacker...

Comments  (0)

Security Information and Event Management (SIEM) Implementation

February 24, 2011 Added by: Ben Rothke

Security Information and Event Management (SIEM) attempts to fix that by aggregating, correlating and normalizing the log and audit data. The end result is a single screen that presents all of the disparate data into a common element. While great in theory, the devil is in the details...

Comments  (0)

Digital Forensics and E-Discovery on OpenVMS

February 21, 2011 Added by: Robert Gezelter

OpenVMS system managers need to develop the plans, processes, and procedures to respond to legal process requests. Correctly dealing with these requests minimizes the impact on production systems. Failure to address these situations can expose the organization to significant liability...

Comments  (0)

DISA UNIX STIG for Red Hat Enterprise Linux 5 and 6

February 10, 2011 Added by: Jamie Adams

Organizations which use Red Hat Enterprise Linux 5 and must adhere to the DISA UNIX STIG have been stuck with documentation and assessment tools which only support up to Red Hat Enterprise Linux 4. This frustrates system administrators because they must deal with false positives from SRR scripts...

Comments  (2)
