CSIRT, I have a project for you. We have a big network and we’re definitely getting hacked constantly. Your group needs to develop and implement security monitoring to get our malware and hacking problem under control.
If you’ve been a security engineer for more than a few years, no doubt you’ve received a directive similar to this. If you’re anything like me, your mind probably races a mile a minute thinking of all of the cool detection techniques you’re going to develop and all of the awesome things you’re going to find.
I know, I’ll take the set of all hosts in our web proxy logs doing periodic POSTs and intersect that with…
You shouldn’t leap before you look into a project like this.
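The half-finished idea above (hosts doing periodic POSTs in the proxy logs) is the kind of beaconing check a CSIRT usually reaches for first. Here it is worked through, as an added example that is not code from the original post: it parses constructed proxy log lines in a hypothetical four-column format (timestamp, client, method, destination host), groups POSTs by client and destination, and flags series whose inter-request gaps are nearly constant. The thresholds `min_events` and `max_cv` are assumptions, not values from the post.

```python
"""Flag client/destination pairs whose POSTs recur at a near-fixed interval."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample proxy log, hypothetical layout: timestamp client method host.
# 10.1.1.5 POSTs every ~300 s (beacon-like); 10.1.1.9 POSTs at irregular times.
SAMPLE_LOG = """\
2013-10-30T10:00:00 10.1.1.5 POST update.example-cdn.test
2013-10-30T10:00:07 10.1.1.5 GET  www.example.test
2013-10-30T10:05:01 10.1.1.5 POST update.example-cdn.test
2013-10-30T10:10:00 10.1.1.5 POST update.example-cdn.test
2013-10-30T10:14:59 10.1.1.5 POST update.example-cdn.test
2013-10-30T10:20:01 10.1.1.5 POST update.example-cdn.test
2013-10-30T10:00:30 10.1.1.9 POST mail.example.test
2013-10-30T10:03:10 10.1.1.9 POST mail.example.test
2013-10-30T10:41:00 10.1.1.9 POST mail.example.test
2013-10-30T10:45:12 10.1.1.9 POST mail.example.test
2013-10-30T11:30:00 10.1.1.9 POST mail.example.test
"""


def parse(log_text):
    """Yield (timestamp, client, method, host) for each non-empty line."""
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, method, host = line.split()
        yield datetime.fromisoformat(ts), client, method, host


def find_beacons(log_text, min_events=4, max_cv=0.1):
    """Return {(client, host): (mean_gap_seconds, cv)} for POST series that look periodic.

    cv is the coefficient of variation of the gaps (stdev / mean); a value near 0
    means the requests are evenly spaced, which is typical of a timer-driven beacon.
    """
    series = defaultdict(list)
    for ts, client, method, host in parse(log_text):
        if method == "POST":
            series[(client, host)].append(ts)

    hits = {}
    for key, stamps in series.items():
        stamps.sort()
        if len(stamps) < min_events:
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg == 0:
            continue
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            hits[key] = (avg, cv)
    return hits


if __name__ == "__main__":
    for (client, host), (avg, cv) in find_beacons(SAMPLE_LOG).items():
        print(f"{client} -> {host}: every {avg:.0f}s (cv={cv:.3f})")
```

Plenty of legitimate software (update agents, mail clients, monitoring) beacons too, which is exactly why the post's sentence ends in "intersect that with…": a periodic-POST list is a starting set to join against other context (destination reputation, user agent, new-domain age), not an alert on its own.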
Tags: CSIRT, csirt-playbook, incident response, infosec, logging, logs, playbook, security, SIEM
Is it the end of October already? As has been true for centuries, there is a tradition for children to wear costumes and disguise themselves while going door to door with a simple question: “Trick or treat?” I am not sure it is a coincidence, but having National Cyber Security Awareness Month (NCSAM) end on a day characterized by pranks, false identities and the like seems appropriate. And what scary stories we had to tell!
Tags: byod, cloud, cryptography, dns, ncsam-2013, patch, security
Stop-think-connect is not only for kids. Everyone, including nerds like me, and network and security professionals, should pay more attention before connecting any device to the Internet. Routers (wireless and wired), industrial control systems, video surveillance cameras, fire alarm systems, traffic cameras, home and building automation systems, and many other devices are being connected to the Internet every single day, wide open. If you don’t believe me, do a quick search on SHODAN.
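"Wide open" on a device usually starts with services bound to every interface. Before a box goes on the network, the "think" step can be as simple as looking at what it listens on. The following is an added example, not code from the original post: it classifies listening sockets from `ss -ltn`-style output into loopback-only, bound to a specific address, and bound to all interfaces. The sample output is constructed for the example and is not from a real host.

```python
"""Classify listening sockets by how reachable they are, from `ss -ltn` output."""
import ipaddress
import shutil
import subprocess

# Constructed sample in the column layout of `ss -ltn`; not real system output.
SAMPLE_SS = """\
State   Recv-Q  Send-Q   Local Address:Port   Peer Address:Port
LISTEN  0       128      127.0.0.1:631        0.0.0.0:*
LISTEN  0       128      0.0.0.0:22           0.0.0.0:*
LISTEN  0       5        0.0.0.0:23           0.0.0.0:*
LISTEN  0       128      [::]:80              [::]:*
LISTEN  0       128      [::1]:5432           [::]:*
LISTEN  0       128      192.168.1.10:8080    0.0.0.0:*
"""


def split_addr_port(field):
    """'[::]:80' -> ('::', 80); '0.0.0.0:22' -> ('0.0.0.0', 22); '*:25' -> ('*', 25)."""
    addr, _, port = field.rpartition(":")
    return addr.strip("[]"), int(port)


def classify_listeners(ss_output):
    """Return {'loopback': [...], 'specific': [...], 'all_interfaces': [...]} of (port, addr).

    all_interfaces (0.0.0.0, :: or '*') is reachable from every attached network;
    specific is reachable on that interface; loopback is local only.
    """
    result = {"loopback": [], "specific": [], "all_interfaces": []}
    for line in ss_output.splitlines()[1:]:          # skip header row
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue
        addr, port = split_addr_port(cols[3])
        if addr == "*":                               # older ss prints '*' for the wildcard
            bucket = "all_interfaces"
        else:
            ip = ipaddress.ip_address(addr)
            if ip.is_unspecified:
                bucket = "all_interfaces"
            elif ip.is_loopback:
                bucket = "loopback"
            else:
                bucket = "specific"
        result[bucket].append((port, addr))
    for bucket in result:
        result[bucket].sort()
    return result


if __name__ == "__main__":
    # On a Linux host, read the live socket table; otherwise fall back to the sample.
    if shutil.which("ss"):
        output = subprocess.run(["ss", "-ltn"], capture_output=True, text=True).stdout
    else:
        output = SAMPLE_SS
    for bucket, sockets in classify_listeners(output).items():
        print(bucket, sockets)
```

Everything in the `all_interfaces` bucket is what a SHODAN-style scan will see once the device has a public address, and on the sample that includes telnet on port 23. The `specific` bucket is not safe either, only narrower: a service bound to 192.168.1.10 is reachable by anyone on that segment.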
Tags: NCSAM, ncsam-2013, SCADA, Security Threats, shodan, threat landscape
In the past couple of years, cloud-based solutions have gone from the status of a brave new technology to a mainstream vehicle for delivering storage, application, infrastructure and other services. From a security point of view, consuming cloud-based services usually involves delegating security for the service to the service provider. This does not need to be as scary as it sounds – as long as you approach the service engagement with your eyes open, and arm yourself with pertinent requirements for the service provider to provide appropriate controls to protect your organization.
Tags: cloud security, ncsam-2013, trust
Employees of every organization use a variety of computing devices such as desktops, servers, laptops, security appliances, and mobile devices to increase productivity in this ever-changing world of Information Technology. The confidentiality, integrity, and availability (CIA) of information has become essential to success and is often a competitive advantage. A comprehensive patch management process should be a major component of protecting CIA on computing devices and the data they store or transmit. Patch management is not always a simple task, as organizations may have a variety of platforms and configurations, along with other challenges that make patching these components very difficult. However, there are recommendations and best practices to minimize the complexity of this much-needed task.
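The first deliverable of any patch management process is knowing which hosts are behind a required version, and the classic mistake in a home-grown check is comparing version strings lexically, so that "4.10.1" sorts before "4.9.1". The following is an added example, not code from the original post: it compares a constructed inventory against a constructed baseline using numeric ordering for version components. Host names, product names and versions are all hypothetical.

```python
"""Report hosts whose installed versions fall below a patch baseline."""
import re

# Constructed inventory and baseline; hypothetical hosts, products and versions.
INVENTORY = {
    "web01":   {"openssl": "1.0.1e", "bash": "4.2.45"},   # openssl behind baseline
    "web02":   {"openssl": "1.0.1h", "bash": "4.2.45"},   # fully patched
    "db01":    {"openssl": "1.0.1h", "bash": "4.1.10"},   # bash behind baseline
    "app01":   {"openssl": "1.0.2",  "bash": "4.2.45"},   # newer than baseline
    "build01": {"bash": "4.10.1"},                        # newer, but lexically 'smaller'
}
BASELINE = {"openssl": "1.0.1h", "bash": "4.2.45"}


def version_key(version):
    """Split '1.0.1h' into a tuple that sorts numerically: (0,1),(0,0),(0,1),(1,'h').

    Numeric runs become (0, int) and alphabetic runs (1, str); the leading tag
    keeps Python from comparing int with str, and makes '1.0.1' < '1.0.1h'.
    """
    return tuple((0, int(t)) if t.isdigit() else (1, t)
                 for t in re.findall(r"\d+|[A-Za-z]+", version))


def missing_patches(inventory, baseline):
    """Return {host: [(product, installed, required), ...]} for every shortfall."""
    gaps = {}
    for host, packages in sorted(inventory.items()):
        for product, installed in sorted(packages.items()):
            required = baseline.get(product)
            if required is None:
                continue                      # product not governed by the baseline
            if version_key(installed) < version_key(required):
                gaps.setdefault(host, []).append((product, installed, required))
    return gaps


if __name__ == "__main__":
    for host, shortfalls in missing_patches(INVENTORY, BASELINE).items():
        for product, installed, required in shortfalls:
            print(f"{host}: {product} {installed} < required {required}")
```

This handles plain dotted versions with a letter suffix. Vendor-specific schemes (Cisco IOS release and train notation, for instance) do not order this simply, which is why vendor tools such as the Cisco IOS Software Checker tagged below exist; treat `version_key` as a baseline for packages whose versions follow the dotted pattern.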
Tags: best practices, Cisco IOS Software Checker, ncsam-2013, patch management