Blog Posts Tagged with "Configuration"
Four Turning Points in Cybersecurity History
November 18, 2012 Added by:Tripwire Inc
Enterprises adopted reputable standards for secure configurations, and implemented repeatable practices for creating secure infrastructure. This shift dramatically reduced the attack surface of enterprises, greatly increasing the difficulty of achieving a successful attack...
Comments (0)
Unconventional Defense - Taming a wild environment with CCRM
November 15, 2012 Added by:Rafal Los
Configuration, Change and Release Management is crucial to being an effective information security organization in an enterprise, large or small. If you don't have a handle on the rate of change in your enterprise, you have absolutely no hope of effectively securing anything...
Comments (0)
Protection Tax
October 25, 2012 Added by:Tripwire Inc
Unfortunately, you don’t know what you don’t know. You don’t know what your security posture looks like between scans, you don’t know what configuration-related exploit or breach indicators you might be missing. In today’s security-is-just-an-illusion environment, getting visibility and knowledge is everything...
Comments (0)
Terminal Services Attack Reductions Redux
September 10, 2012 Added by:Brent Huston
Our testing of the “rdp-sec-check” tool showed it to be quite useful in determining the configuration of exposed Terminal Services and in hardening them. Keep in mind, it is likely useful to harden the Terminal Services implementations internally to critical systems as well...
Comments (1)
Finishing the Security Automation Job
September 06, 2012 Added by:Tripwire Inc
SACM needs to grow upward and outward from where the SCAP efforts have gotten – move from controls into control frameworks and support the policies, processes, and procedures derived from Operational Risk Management. We’ve got a lot of work ahead. It’s all worth it...
Comments (3)
Smart Grid Security: Getting Better, But Needs Improvement
August 09, 2012 Added by:Brent Huston
There is still room for improvement in the smart grid space: Encryption versus encoding, modern development security, JTAG protection, input validation and the usual application security shortcomings that the web and other platforms are struggling with. Default passwords, crypto keys and configurations still abound...
Comments (0)
Visualize Wi-Fi Networks Using Vistumbler and Google Earth
July 30, 2012 Added by:Dale Rapp
Vistumbler is an excellent free tool that scans for nearby wireless networks within range of your wi-fi adapter. Once Vistumbler finds a wireless network it will display the network's SSID, signal strength, encryption being used, MAC address, the network's channel, access point manufacturer, and much more...
Comments (4)
Companies Exposing Critical SAP Services to the Internet
June 19, 2012 Added by:Alexander Polyakov
For example, 212 SAP Routers were found in Germany which were created mainly to route access to internal SAP systems. SAP Routers themselves can have security misconfigurations, but the real problem is that 8% of the companies expose SAP Dispatcher services directly to the Internet, circumventing the SAP Router...
Comments (0)
Driving a Web Application Firewall Toward Better Security
May 10, 2012 Added by:Andrew Sanicola
Web app firewalls can be a useful ally toward greater security for those who know how to use them properly. Whether you’re in the market for a new firewall or are already an owner, understanding it is a tool designed to be driven is an important step toward increased security...
Comments (0)
A Tribute to Our Oldest and Dearest Friend - The Firewall Part 2
May 06, 2012 Added by:Ian Tibble
Nine times out of ten, when you ask to see firewall rules, faces will change in the room from "this is a nice time wasting meeting, but maybe I'll learn something about security" to mild-to-severe discomfort. Discomfort - because there is no hiding place any more...
Comments (0)
A Tribute to Our Oldest and Dearest Friend - The Firewall
April 22, 2012 Added by:Ian Tibble
We have a lot of bleeding edge software and hardware products in security backed by fierce marketing engines which set unrealistic expectations. Out of all these products, the oldest carries the highest bang for our bucks - the firewall...
Comments (0)
Cloud Security Report: The Cloud May Be Safer
March 05, 2012 Added by:alan shimel
This first installment of what promises to be a semi-annual report sheds some real light on the differences between on premises and cloud security environments, and also advances the notion that despite the FUD the cloud may in fact be safer for certain kinds of applications...
Comments (0)
The Patchwork Cloud Part 1: An Overview
February 23, 2012 Added by:Rafal Los
Cloud computing isn't a paradigm every organization will follow whole-hog, nor should it be. Public cloud, hybrid cloud, private cloud, these are all terms that need to be understood first and have some sort of rational approaches to security and risk management around them...
Comments (0)
Prevent VoIP Toll Fraud with Proper Configurations
February 22, 2012 Added by:Enno Rey
Unfortunately the attacker was able to circumvent our first workaround. We discovered that it was possible to “dial-in” to the router directly by calling the head number. As a long-term solution the configured dial patterns have to be modified to prevent such things in the future...
Comments (0)
Database Security TLAs Make Me LOL
February 15, 2012 Added by:Josh Shaul
I can only imagine what folks go through when they’re shopping for solutions to improve database security. Do you want DAM? DAP? DAMP? DSP? DLP? WAF? To improve the security of your databases, you’re probably going to need some or all of the following capabilities...
Comments (0)
Gaining Access to a Check Point Appliance
February 07, 2012 Added by:Bill Mathews
On any Linux-based system with an unencrypted hard drive, it is possible to completely overtake a system once you have gained physical access. Often this is easily accomplished with a live CD distribution, such as Backtrack or Ubuntu and some command line tools...
Comments (0)