Wednesday, December 16, 2009

DECAF

Hackers have released Decaf, a tool which hinders the work of Microsoft's 'Computer Online Forensic Evidence Extractor' (COFEE).


DECAF Link

Tuesday, December 15, 2009

ADOBE SECURITY LINK

No different than the process to frequently monitor the Microsoft Patches and Security Activity, we need to stay on top of the ADOBE platform as it seems to be a focus for code.

Adobe Security Blog

Sunday, December 13, 2009

Cisco 2009 Annual Security Report

The Cisco® Annual Security Report provides an overview of the combined security intelligence of the entire Cisco organization. The report encompasses threat information and trends collected between January and December 2009. It also provides a snapshot of the state of security for that period, with special attention paid to key security trends expected for 2010.

CISCO ANNUAL SECURITY REPORT 2009

Virtual Desktops Today - Cloud Claims

I have taken a cursory look at the following:

EyeOS

GHOST Cloud

Glide OS 3.0

Another challenging path to secure.

Tuesday, December 8, 2009

Google DNS or OPENDNS....Hmmmm

Sure seems Google has caught on to the idea that OPENDNS has had for a few years now and provides additional content filtering via DNS.

Google Public DNS Link here

Saturday, December 5, 2009

Cloud Computing - What we really should discuss

I have put many links in recently concerning products, strategies and directional links. I am taking a few minutes to post a few words on information cloud computing. Cloud services are active today, whether they are Google, Amazon, or others, and carry both business and financial transactional data for consumers. One of the concerns I have remains the ability to audit and know controls are in place for information protection. Some cloud technologies are putting some interesting architectural decisions in front of security professionals. These decisions are often being posed as "faster", "less cost" and "more efficient" and even "you won't need your firewalls anymore". The basic premise by security practitioners is that we need layered defenses for data, application, network segmentation. The "blur" of these points and traditional security design occurred when mobility came forward and third parties were requiring trust within the organization's backend systems. Today, we are rapidly moving towards a mixed architecture where some applications will truly be cloud enabled, yet others will remain traditional security architecture and controlled. I remain somewhat skeptical at cloud-based security models and how processes such as vulnerability analysis will occur in the "cloud".

Saturday, November 7, 2009

Microsoft releases free tool designed to harden software applications against attacks

EMET, short for Enhanced Mitigation Evaluation Toolkit, allows developers and administrators to add specific security protections to applications.

Tool

More info here

Thursday, October 15, 2009

Microsoft Patch Tuesday Oct 13, 2009 Priorities

“Experts in the security field said the focus should be on the end-user and IT should first patch holes in Internet Explorer (IE) and in Windows Graphics Device Interface (GDI).

Those two technologies are addressed in MS09-054 (IE) and MS09-062 (GDI)”

I tend to agree here, as the GDI goes across multiple products, and we use IE every day.

Thursday, October 8, 2009

Zeus Trojan Writeup

A good writeup on the Zeus Trojan and its proliferation.

Zeus

Google Apps Link for Outlook Clients

I find this impressive and Google's move to get infrastructure costs out of IT.

Take a look.

http://www.google.com/apps/intl/en/business/outlook_sync.html

Thursday, August 13, 2009

Flash Cookies and What to Do

Flash cookies cannot be deleted through standard cookie removal in the browser.

Firefox has an add-on, Better Privacy, you should consider, as it removes these tracking elements.

Here is a terrific article from the guys in California.

http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1446862

Tuesday, May 26, 2009

Data Protection Basics

There is a lot of press around the DLP meaning and concept. There are basic principles one must consider as part of the planning and strategy in putting a plan together.

1. Determine the critical data stores from a business perspective (Rank your data's value)
2. Identify if the information in item 1 is data at rest or data in motion (Classify the data type)
3. Determine if the data is on clients (PDAs, laptops, servers), network (communications streams), or hard prints. (Discovery)
4. Align with financial or brand protection objectives
5. Put your requirements to paper
6. Evaluate your product space
7. Test in a controlled environment with test data!!
8. Deploy in production

Sunday, May 24, 2009

Product selection before strategy

It seems to be a recurring discussion I have weekly with peers. The topic tends to be the fact that products/services/technologies are purchased to solve risk and security issues before certain other considerations are complete.

The problem statement: How do we implement this product / solution into our environment?

One might think that a logical approach would be:

1. Strategy Formulation

2. Strategy Implementation/Communication

3. Architecture Review of AS-IS technology and process

4. Review of Strategy and Architecture TO-BE

5. Vendor review and selection

6. Implementation plans

Instead, sales professionals do a great job of selling a product or service. Companies are then challenged to find a method for working on implementation. The basic issue: step 6 before steps 1-4 have occurred.

Providing technology solutions for problems and issues is only one component of solution delivery.

People, Process and Technology are all to be considered.
