Blog Posts Tagged with "Configuration"

Four Turning Points in Cybersecurity History

November 18, 2012 Added by: Tripwire Inc

Enterprises adopted reputable standards for secure configurations, and implemented repeatable practices for creating secure infrastructure. This shift dramatically reduced the attack surface of enterprises, greatly increasing the difficulty of achieving a successful attack...

Comments  (0)

Unconventional Defense - Taming a wild environment with CCRM

November 15, 2012 Added by: Rafal Los

Configuration, Change and Release Management is crucial to being an effective information security organization in an enterprise, large or small. If you don't have a handle on the rate of change in your enterprise, you have absolutely no hope of effectively securing anything...

Comments  (0)

Protection Tax

October 25, 2012 Added by: Tripwire Inc

Unfortunately, you don’t know what you don’t know. You don’t know what your security posture looks like between scans, you don’t know what configuration-related exploit or breach indicators you might be missing. In today’s security-is-just-an-illusion environment, getting visibility and knowledge is everything...

Comments  (0)

Terminal Services Attack Reductions Redux

September 10, 2012 Added by: Brent Huston

Our testing of the “rdp-sec-check” tool showed it to be quite useful in determining the configuration of exposed Terminal Services and in hardening them. Keep in mind, it is likely useful to harden the Terminal Services implementations internally to critical systems as well...

Comments  (1)

Finishing the Security Automation Job

September 06, 2012 Added by: Tripwire Inc

SACM needs to grow upward and outward from where the SCAP efforts have gotten – move from controls into control frameworks and support the policies, processes, and procedures derived from Operational Risk Management. We’ve got a lot of work ahead. It’s all worth it...

Comments  (3)

Smart Grid Security: Getting Better, But Needs Improvement

August 09, 2012 Added by: Brent Huston

There is still room for improvement in the smart grid space: Encryption versus encoding, modern development security, JTAG protection, input validation and the usual application security shortcomings that the web and other platforms are struggling with. Default passwords, crypto keys and configurations still abound...

Comments  (0)

Visualize Wi-Fi Networks Using Vistumbler and Google Earth

July 30, 2012 Added by: Dale Rapp

Vistumbler is an excellent free tool that scans for nearby wireless networks within range of your Wi-Fi adapter. Once Vistumbler finds a wireless network it will display the network's SSID, signal strength, encryption being used, MAC address, the network's channel, access point manufacturer, and much more...

Comments  (4)

Companies Exposing Critical SAP Services to the Internet

June 19, 2012 Added by: Alexander Polyakov

For example, 212 SAP Routers were found in Germany which were created mainly to route access to internal SAP systems. SAP Routers themselves can have security misconfigurations, but the real problem is that 8% of the companies expose SAP Dispatcher services directly to the Internet, circumventing the SAP Router...

Comments  (0)

Driving a Web Application Firewall Toward Better Security

May 10, 2012 Added by: Andrew Sanicola

Web app firewalls can be a useful ally toward greater security for those who know how to use them properly. Whether you’re in the market for a new firewall or are already an owner, understanding it is a tool designed to be driven is an important step toward increased security...

Comments  (0)

A Tribute to Our Oldest and Dearest Friend - The Firewall Part 2

May 06, 2012 Added by: Ian Tibble

Nine times out of ten, when you ask to see firewall rules, faces will change in the room from "this is a nice time wasting meeting, but maybe I'll learn something about security" to mild-to-severe discomfort. Discomfort - because there is no hiding place any more...

Comments  (0)

A Tribute to Our Oldest and Dearest Friend - The Firewall

April 22, 2012 Added by: Ian Tibble

We have a lot of bleeding edge software and hardware products in security backed by fierce marketing engines which set unrealistic expectations. Out of all these products, the oldest carries the highest bang for our bucks - the firewall...

Comments  (0)

Cloud Security Report: The Cloud May Be Safer

March 05, 2012 Added by: Alan Shimel

This first installment of what promises to be a semi-annual report sheds some real light on the differences between on premises and cloud security environments, and also advances the notion that despite the FUD the cloud may in fact be safer for certain kinds of applications...

Comments  (0)

The Patchwork Cloud Part 1: An Overview

February 23, 2012 Added by: Rafal Los

Cloud computing isn't a paradigm every organization will follow whole-hog, nor should it be. Public cloud, hybrid cloud, private cloud, these are all terms that need to be understood first and have some sort of rational approaches to security and risk management around them...

Comments  (0)

Prevent VoIP Toll Fraud with Proper Configurations

February 22, 2012 Added by: Enno Rey

Unfortunately the attacker was able to circumvent our first workaround. We discovered that it was possible to “dial-in” to the router directly by calling the head number. As a long-term solution the configured dial patterns have to be modified to prevent such things in the future...

Comments  (0)

Database Security TLAs Make Me LOL

February 15, 2012 Added by: Josh Shaul

I can only imagine what folks go through when they’re shopping for solutions to improve database security. Do you want DAM? DAP? DAMP? DSP? DLP? WAF? To improve the security of your databases, you’re probably going to need some or all of the following capabilities...

Comments  (0)

Gaining Access to a Check Point Appliance

February 07, 2012 Added by: Bill Mathews

On any Linux-based system with an unencrypted hard drive, it is possible to completely overtake a system once you have gained physical access. Often this is easily accomplished with a live CD distribution, such as Backtrack or Ubuntu and some command line tools...

Comments  (0)
