Blog Posts Tagged with "Administration"
Hooray! An Open-Source Password Analyzer Tool...
June 08, 2012 Added by: Brent Huston
The time it takes to crack a password is the only true measure of its worth. Morris has created a tool for administrators that allows them to configure a password policy based on the time to crack, the possible technology that an attacker might be using, and the password protection technology in use...
Comments (0)
Separation of Duties for System Administrators
January 09, 2012 Added by: Rafal Los
How do our organizations treat administrators (more specifically highly privileged users) when they are removed from active duty? It seems that in large organizations the issue is easier to at least draw a line around than in smaller orgs - but the problems remain...
Comments (1)
Using Trust Maps to Manage Critical Systems
August 04, 2011 Added by: Brent Huston
The purpose of a trust map is to graphically demonstrate trust between components of your organization. It is a graphic of how authentication occurs, what systems share accounts and what systems trust other systems in an environment. Done properly, they become a powerful tool with a real payoff...
Comments (0)
Dumping Hashes on Win2k8 R2 x64 with Metasploit
June 01, 2011 Added by: Rob Fuller
When trying to dump password hashes on a Windows 2008 R2 64 bit box I constantly run into the "The parameter is incorrect" error in Meterpreter. Well, with a bit of migration you'll be back to passing the hash. Here is how, with a bit of the thought process first...
Comments (0)
Information Security Policies and Procedures Part 5
May 16, 2011 Added by: Alex Hamerstone
The purpose section should include information about why the policy is necessary. You may also wish to add some information about how the issue was dealt with historically. It is also a great place to reiterate some company values. An example is “To ensure compliance with...”
Comments (1)
Information Security Policies and Procedures Part 4
May 09, 2011 Added by: Alex Hamerstone
The formatting and structure of documentation is not the most enthralling topic. It is however one of the most important elements of effective documentation. Delivering information in a clear and consistent way is essential to ensure documents are easy to use and effective...
Comments (0)
Data Security Explained in Simple Terms
May 05, 2011 Added by: Gurudatt Shenoy
The argument that devices can be stolen and thus cannot be fail-proof against data theft can be certainly countered by the fact that such devices can be detected quite early and rendered unusable, as compared to stolen passwords that are most often detected only once the damage is done...
Comments (2)
Information Security Policies and Procedures Part 2
May 03, 2011 Added by: Alex Hamerstone
As far as information security, every organization will have a unique set of foundational policies. Although there will be many that are common to all organizations, the unique qualities of each organization call for custom policies. How, then, do we determine what basic policies we need?
Comments (0)
Rogue Admins Allow Games on Company Servers
April 19, 2011 Added by: Bill Gerneglia
A sizable number of comments took the line that playing games on corporate systems was either beneficial to the company or caused no significant harm. One agreed with an IT professional quoted in the story, who said that gaming helps IT employees “stay sharp”...
Comments (1)
Building More Secure Passwords
April 07, 2011 Added by: Global Knowledge
As users have to create several passwords for different systems and change them every 60 or 90 days, it’s little wonder they default to the least complicated password their systems allow and make only minor variations when forced to change them. Unfortunately, such passwords are easy to guess...
Comments (1)
How Accurate is Your Software Vulnerability Scanner?
April 05, 2011 Added by: Jamie Adams
System admins must take into account all methods in which software may get installed onto systems. A strong change management program and strict access is required. Unfortunately, I have yet to experience an all-encompassing software version scanner and patch management tool...
Comments (2)
The WebSocket Protocol: Past Travails To Be Avoided
March 24, 2011 Added by: Robert Gezelter
The WebSocket protocol is a new facility, originally conceived as part of the HTML5 effort. Together with its applications programming interface (API), the WebSocket protocol provides a standard framework for ongoing communications between web clients and servers...
Comments (0)
Five Security Secrets Network Administrators Keep Quiet
March 22, 2011 Added by: Headlines
Network administrators may be conducting their own personal risk assessments in the course of their daily duties. They may be weighing factors such as performance pay incentives, the thoroughness of security audits, and time constraints when deciding what is or is not a priority...
Comments (0)
Information Security Policies and Procedures Part 1
March 04, 2011 Added by: Alex Hamerstone
It is important to note that certain policies may be confidential according to an asset classification program. A Network Security Policy delineating requirements for protections such as connection restrictions or intrusion protection and detection may be valuable for an attacker...
Comments (0)
Security Information and Event Management (SIEM) Implementation
February 24, 2011 Added by: Ben Rothke
Security Information and Event Management (SIEM) attempts to fix that by aggregating, correlating and normalizing the log and audit data. The end result is a single screen that presents all of the disparate data into a common element. While great in theory, the devil is in the details...
Comments (0)
Digital Forensics and E-Discovery on OpenVMS
February 21, 2011 Added by: Robert Gezelter
OpenVMS system managers need to develop the plans, processes, and procedures to respond to legal process requests. Correctly dealing with these requests minimizes the impact on production systems. Failure to address these situations can expose the organization to significant liability...
Comments (0)