Blog Posts Tagged with "Protocols"


Finishing the Security Automation Job

September 06, 2012 Added by:Tripwire Inc

SACM needs to grow upward and outward from where the SCAP efforts have gotten – move from controls into control frameworks and support the policies, processes, and procedures derived from Operational Risk Management. We’ve got a lot of work ahead. It’s all worth it...

Comments  (3)


Smart Grid Security: Getting Better, But Needs Improvement

August 09, 2012 Added by:Brent Huston

There is still room for improvement in the smart grid space: Encryption versus encoding, modern development security, JTAG protection, input validation and the usual application security shortcomings that the web and other platforms are struggling with. Default passwords, crypto keys and configurations still abound...

Comments  (0)


BYOD: Challenges of Protecting Data - Part One

July 30, 2012 Added by:Rafal Los

Whether we're talking about cloud computing, or BYOD, or hacking in general - the buck stops with data. Some believe you can't ever classify all of your data and you should move on, while others believe that without making data custodians responsible for classification of critical data nothing else can happen...

Comments  (1)


The Benefits of the Cloud for Performance Testing

May 24, 2012 Added by:Bill Gerneglia

By allowing test teams to instantly deploy existing performance test scripts to cloud-based load generators, the load is created on pre-configured systems provisioned in the cloud. This eliminates the effort and cost related to extending the on-premise test infrastructure...

Comments  (0)


Ninety Percent of HTTPS Websites Insecure

May 08, 2012 Added by:Dan Dieterle

Of the 200,000 HTTPS websites tested, only about 10% are properly secured. Changes need to be made to the secure online transaction system. Several of the issues have already been addressed, sadly it seems that the appropriate measures to secure SSL have just not been taken...

Comments  (5)


NIST: Secure Biometric Acquisition with Web Services

May 04, 2012 Added by:Headlines

Researchers at the NIST have developed a new protocol for communicating with biometric sensors over wired and wireless networks, called WS-Biometric Devices (WS-BD), allows desktops, laptops, tablets and smartphones to access sensors that capture biometric data using web services...

Comments  (0)


CISSP Reloaded Domain Three: Telecoms and Network Security

March 19, 2012 Added by:Javvad Malik

Network security is so important yet because it’s complex, a lot of companies end up doing it wrong. Not as many people properly understand the security implications of the network and most companies don’t even know what their network is comprised of...

Comments  (1)


Snort and SCADA Protocol Checks

January 25, 2012 Added by:Brent Huston

There are a wide variety of open source tools that can be leveraged around Snort, making it a powerful approach to visibility. Having people in the industry who know how the systems Snort work allows for better development of signatures for nefarious issues...

Comments  (0)


Stratfor Hack Proves a Few Things

January 03, 2012 Added by:

How many more companies believe they can get by with half-baked security? Why are budgets being cut for information security by CIOs who just don’t get it? Why is it that organizations do business with other organizations without performing due diligence on the entity?

Comments  (0)


Closing the Gate Before the Horse Bolts – On Passwords for the Cloud

December 12, 2011 Added by:Ben Kepes

Passwords it seems are both the bane of our existence and, apparently, the most important thing in our lives. Unfortunately the Cloud doesn’t really change this, good password protocols are as important in the Cloud as they were in an on-premise world and potentially even more so...

Comments  (0)


DHS Cyber Security Audit FAIL

October 20, 2011 Added by:Headlines

"Adequate security controls have not been implemented on the [Mission Operating Environment] to protect the data processed from unauthorized access, use, disclosure, disruption, modification, or destruction," the Inspector General concluded...

Comments  (1)


Companies Using Secure Protocols in an Insecure Manner

September 16, 2011 Added by:Cor Rosielle

I only looked at the Fortune 500 companies with knowledgeable IT and security staff, and with a board and directors who should care about security and have sufficient budget to get these basic things right. Let's hope the companies are as disappointed about these results as I was...

Comments  (8)


Railgun Error Checking

August 30, 2011 Added by:Rob Fuller

One important thing to note about Railgun is that you are querying the API, and just as if you were using C++, the API you are calling just might not be there on the system. So here is a quick trick to find out if a the function (API) that you are trying to call is available to you...

Comments  (0)


Red Hat 5 STIG: Network Settings

August 23, 2011 Added by:Jamie Adams

I would caution administrators from rushing to add all because most are defaults. The settings must be implicitly set in the sysctl.conf config file. My recommendation is to review the entire STIG in order to define a complete sysctl.conf file, so that it can be deployed and tested all at once...

Comments  (0)


Pentagon Fails to Deliver Cyber War Policy Brief

July 22, 2011 Added by:Headlines

"The continued failure to address and define the policies and legal authorities necessary for the Pentagon to operate in the cyberspace domain remains a significant gap in our national security that must be addressed," wrote Senators Levin and McCain to Defense Secretary Panetta...

Comments  (0)


VoIP and PCI Compliance

June 15, 2011 Added by:PCI Guru

When you start talking to security people about VoIP security, their knee-jerk response is to tell you that VoIP is secured by the corporate firewall. However, given that the VoIP protocols are stateless, even being behind a firewall really does not provide any protection...

Comments  (1)

Page « < 1 - 2 > »