Blog Posts Tagged with "Firewalls"
On the Lack of IT Readiness: The Security Edition
September 30, 2012 Added by:Rafal Los
Sticking to the basics wouldn't be such a bad thing in Security... if we had a clue on how to do the basics right. I know plenty of people who pentest all day every day and they'll be the first to tell you how easy it is to break in because defenses are so weak, if they exist at all...
Comments (0)
Three Keys to Managing Firewalls for Better Security
September 25, 2012 Added by:Richard Stiennon
The that firewalls do not provide value had its first incarnation in de-perimeterization. The idea is that because network security is so hard we should give up and focus on securing the endpoints and data that travels between them. In reality we have to defend four separate domains...
Comments (1)
The Best in Practice
September 12, 2012 Added by:Randall Frietzsche
If we are charged with designing, architecting, implementing, deploying, integrating, training and supporting security technology, processes and policies within our organization, we might discover that this work is really an art more than a science...
Comments (0)
Terminal Services Attack Reductions Redux
September 10, 2012 Added by:Brent Huston
Our testing of the “rdp-sec-check” tool showed it to be quite useful in determining the configuration of exposed Terminal Services and in hardening them. Keep in mind, it is likely useful to harden the Terminal Services implementations internally to critical systems as well...
Comments (1)
Vulnerability Intelligence versus Vulnerability Management
July 30, 2012 Added by:Richard Stiennon
Hardening systems is one of the most important things you can do counter targeted attacks, yet most organizations have yet to operationalize the process. I understand how hard -and expensive- it is. And it is easy for an analyst to wave the flag of “Patch now!” So forgive me for giving hard advice...
Comments (1)
Security is Your Responsibility When Using Free Wi-Fi
July 17, 2012 Added by:Dale Rapp
Free wireless hot spots deliver a high-speed internet connection, but this convenient no hassle access to the internet comes with a lack of security. This doesn't mean you should avoid accessing a free wireless hot spot, it just means you need to be aware of how to protect your device when you do...
Comments (0)
Ten Things I’ve Learned About Cloud Security
July 17, 2012 Added by:Bill Mathews
Cloud security is tough for a lot of reasons, not least of which is because you probably only understand the basics of what you interface with - the controls the provider allows you to see. This lack of depth of management introduces many security related challenges. Having said that, let’s explore...
Comments (0)
Seventeen Percent of PCs Are Overtly Exposed
June 21, 2012 Added by:Robert Siciliano
If you are part of the 17% without security software installed, listen up: there are millions of viruses out there that will ravage your PC to death. Some can make your PC completely inoperable, while others allow criminals to control your PC remotely, making it part of a botnet, used for nefarious ends...
Comments (0)
ICS-CERT: Increasing Logging Capabilities
June 21, 2012 Added by:Infosec Island Admin
System and network device logs provide valuable records of system activity. Logs may yield indicators of compromise, C2 communications, exfiltrated data, remote access logons, and other valuable data. Organizations should consider enabling the following types of logging...
Comments (0)
Is There Such a Thing as Too Much Security?
June 18, 2012 Added by:Lee Munson
People who are in the computer security business are using too many scare tactics. Instead of informing the customer properly they are trying to scare them into using the company’s products. That is never a good thing and it is the reason why we have so much of a backlash going on now...
Comments (2)
Post-Stuxnet: Siemens Improves ICS-SCADA Security
June 07, 2012 Added by:Headlines
"The introduction of our new Simatic CP and Scalance products only help to bolster Siemens' industrial security portfolio, but as we stress to our customers, there is no silver bullet to cybersecurity threats. Maintaining security is an ongoing process for plants and enterprises"...
Comments (0)
On Air Gaps and Killer Toothbrushes
May 28, 2012 Added by:Chris Blask
Air gaps do not and should not exist. Patching vulnerabilities won't make systems secure. Standards and regulations are here to stay. The threat will surpass our ability to tolerate it long before we can re-engineer and re-deploy every vulnerable system. These are all just facts...
Comments (2)
For Great Justice - I Mean Security...
May 22, 2012 Added by:Wendy Nather
Organizations that are IT-poor tend also to be security-poor because security becomes optional, a luxury and an omission for the small business that doesn't know it has something to lose -- or even if it does, it hasn't the faintest idea of how to address it...
Comments (0)
Driving a Web Application Firewall Toward Better Security
May 10, 2012 Added by:Andrew Sanicola
Web app firewalls can be a useful ally toward greater security for those who know how to use them properly. Whether you’re in the market for a new firewall or are already an owner, understanding it is a tool designed to be driven is an important step toward increased security...
Comments (0)
Firewalls: Stop Blocking by IP and Port
May 08, 2012 Added by:Phil Klassen
There has been some good discussions on firewalls, and the majority of the feedback is that firewalls are still an important part of the security infrastructure. However, I am surprised that the discussion revolves around legacy features and not those required to meet today's needs...
Comments (3)
A Tribute to Our Oldest and Dearest Friend - The Firewall Part 2
May 06, 2012 Added by:Ian Tibble
Nine times out of ten, when you ask to see firewall rules, faces will change in the room from "this is a nice time wasting meeting, but maybe I'll learn something about security" to mild-to-severe discomfort. Discomfort - because there is no hiding place any more...
Comments (0)
- Identity & Access Management: Give Me a REST
- Over-Sharing Riskier than Government Snooping
- 20 Critical Security Controls: Control 13 – Boundary Defense
- Redefining Social Networking
- Creating Your Own Privacy & ROI
- Security Intelligence for the Enterprise - Part 1
- Why are Cybercrimes NOT Always White-collar Crimes?
- From the SMB to Security Guru: Five Ways IT Pros Can Manage Security on a Budget
- Balancing Act Between Privacy and Security
- The NSA’s Word Games Explained: How the Government Deceived Congress in the Debate over Surveillance Powers