Blog Posts Tagged with "Network Security"


Surface Mapping Pays Off

January 29, 2013 Added by:Brent Huston

You have heard us talk about surface mapping applications during an assessment before. You have likely even seen some of our talks about surface mapping networks as a part of the 80/20 Rule of InfoSec. But, we wanted to discuss how that same technique extends into the physical world as well....

Comments  (0)


The Rise of Exploit Kits According to Solutionary SERT

January 28, 2013 Added by:Pierluigi Paganini

The report revealed the surprising efficiency of well-known vulnerabilities usually included in the popular exploits sold in the underground, around 60% are more than two years old, and 70% of the exploit kits analyzed (26) were released or created in Russia...

Comments  (0)


Three Tips for Effective Vulnerability Assessments

January 23, 2013 Added by:Dan Dieterle

Regular vulnerability assessments are essential because threats to your network security continually change and evolve, and your security should be able to match this. A user’s PC or network access point might be secure today, but it could become completely vulnerable tomorrow...

Comments  (4)


Panetta is Critical of the Security Level on NATO Networks

January 23, 2013 Added by:Pierluigi Paganini

The Atlantic Council website has published excerpts of remarks by Secretary of Defense Leon Panetta on the inability of NATO networks to repel cyber threats. According the officials, the situation appears to be critical in both the private and public sectors, and it is also very concerning for military environments...

Comments  (0)


ESB Security Spotlighted At ZeroNights 2012

December 25, 2012 Added by:Alexander Polyakov

ERP systems, which store the information about finances, employees, materials, wages, and so on, are rightfully considered to be the most critical of such systems. Unauthorized access to those systems can lead to espionage, sabotage, or fraud...

Comments  (0)


Migrating South: The Devolution Of Security From Security

December 20, 2012 Added by:Ian Tibble

Is the typical security portfolio of system administrators wide enough to form the foundations of an effective information security program? Not really. In fact its some way short. Security Analysts need to have a grasp not only on file system permissions, they need to know how attackers actually elevate privileges...

Comments  (0)


The Ultra-Legacy Problem - Systems so old...

December 19, 2012 Added by:Rafal Los

Say you're a sizeable institution here and that over the last two decades you've amassed lots of platforms that run your business, in a time before the Information Security organization did much more than install anti-virus on your desktop... and now that technical debt has come back to haunt you...

Comments  (3)


Hackers at the Controls

December 16, 2012 Added by:Jayson Wylie

An FBI report details what could be the hacking elite sect of Anonymous, Antisec, using a backdoor to compromise an air-conditioning control system in New Jersey. This leaves me to the question of how vulnerable the government and private sectors are for these types of compromise...

Comments  (1)


Israel’s Cyber Defenses Protect Government Sites from 44 Million Attacks

December 11, 2012 Added by:Dan Dieterle

Israel’s cyber defense is hard at work blocking millions of incoming cyber attacks. There have been millions of hacking attempts against government sites that have been intercepted with reportedly only one successfully taking down it’s target. And that for only a few minutes...

Comments  (0)


Managing the Social Impact of Least Privilege

December 10, 2012 Added by:Paul Kenyon

In organizations where IT policy hasn’t been enforced or where users expect to have full autonomy over PCs, the transition to least privilege desktops must be carefully planned, so the IT department doesn’t face a user revolt. Make sure to set users’ expectations accordingly...

Comments  (0)


Compliance Combines with Vulnerability Scanning to Create Aegify

December 10, 2012 Added by:Michelle Drolet

Two security firms, the established Rapid7 vulnerability manager and eGestalt, a cloud-based compliance management provider, have signed an OEM deal that will do something for the IT security industry that hasn’t been done before: a combination security and compliance posture management...

Comments  (1)


Flipping Malware: A Profit Opportunity for Corporate IT Departments

December 09, 2012 Added by:Jeffrey Carr

Some of the more forward-looking DOD contractors who have robust internal CERT with engineers who do reverse-engineering could be in the best position to offer free or low-cost network defense to corporations who want to "flip" the malware found on their network for a nice profit...

Comments  (1)


Port 9100/TCP Probes

December 06, 2012 Added by:Brent Huston

Now this is a little interesting. It is likely meant to be a validation probe that the printer device’s embedded web server is online and that the device is operational. BUT, the “Python-urllib/2.7″ made us suspicious. Perhaps this isn’t a usual printer request?

Comments  (0)


FreeBSD Servers Hacked: Lessons on SSH Public Key Authentication

December 04, 2012 Added by:Mark Baldwin are recommending that anyone who downloaded and installed any of their third-party packages between September 19 2012 and November 11 2012 reinstall their systems. Obviously this could be a big burden for a lot of organizations...

Comments  (4)


Windows 8 Forensics: USB Activity

December 03, 2012 Added by:Dan Dieterle

When I started working on Windows 8 USB drive forensics, I assumed it would be similar to Windows 7. I created a fresh Windows 8 VM and plugged a thumb drive into my local system. The VM recognized it as it should. I shut the VM down and opened it in EnCase to examine what happened...

Comments  (0)


Two New SQL Security Books from Syngress

November 29, 2012 Added by:Ben Rothke

Since SQL is so ubiquitous on corporate networks, with sites often running hundreds of SQL servers; SQL is prone to attacks. SQL injection is a technique often used to attack databases through a website and is often done by including portions of SQL statements in a web form entry field...

Comments  (0)

Page « < 1 - 2 - 3 - 4 - 5 > »
Most Liked