Blog Posts Tagged with "Defense in Depth"

There is no Onion - The Painful Reality of Defense in Depth

June 26, 2013 Added by: Rafal Los

Imagine if you woke up tomorrow morning and it was conclusively proven that the layered onion model was proven to fail in several circumstances commonly deployed and used in today’s enterprise. That would sure explain much of the failure we’ve seen across enterprise breaches, wouldn’t it?

Security Mistakes You Will Make on Your Next Cloud Project

July 18, 2012 Added by: Danny Lieberman

The Cloud Security Control model looks great, but it doesn’t mitigate core vulnerabilities in your software. Once you choose the right service model and vendor, put aside the security reference models and focus on hardening your application software. It’s your code that will be running in someone else's cloud...

ICS-CERT: Removable Media Flash Drive Attacks

July 10, 2012 Added by: Infosec Island Admin

A shift supervisor was using a portable flash drive for downloading information from an HMI connected to the industrial control systems. Antivirus scanners run on the removable media, the HMI machine, and other systems found the Hamweq virus on the removable media, but the other systems were clean...

Spring Cleaning for Your Security Toolbox

July 08, 2012 Added by: Robb Reck

Give each system and process a priority rating. The ones with the highest rating get the training, money and man-power assigned to master, maintain and run them. The ones with lower ratings get a project plan set up for decommissioning. As in most things in life, true excellence is in quality, not quantity...

Five Things a Healthcare CIO Can Do to Improve Security

May 31, 2012 Added by: Danny Lieberman

In a complex healthcare organization, large scale security awareness training is a hopeless waste of resources considering the increasing number of options that people have (Facebook, smartphones..) to cause damage to the business. Security awareness will lose every time it comes up against an iPad or Facebook...

IT Security: Preventing Insider Threats

May 24, 2012 Added by: Robert Siciliano

An employee at Fannie Mae, knowing he is about to be fired, installed a logic bomb set to detonate almost 3 months after his departure. The detonation would have taken the organization off line for almost a week and cost millions and millions of dollars...

How Does Your Bank Protect Your Data?

May 15, 2012 Added by: Robert Siciliano

Financial institutions have established a layered security approach that includes multi-factor authentication, as well as doing due diligence when it comes to identifying customers as real people whose identities haven’t been stolen...

Driving a Web Application Firewall Toward Better Security

May 10, 2012 Added by: Andrew Sanicola

Web app firewalls can be a useful ally toward greater security for those who know how to use them properly. Whether you’re in the market for a new firewall or are already an owner, understanding it is a tool designed to be driven is an important step toward increased security...

Protecting Data in Use

April 26, 2012 Added by: Simon Heron

The security of data in use is about risk mitigation. However, with the current targeted attacks and the proliferation of zero day threats, the risk level is high. It is necessary that action is taken to implement the required precautions that reduce the risk to an acceptable level...

Assumptions: A Common but Dangerous Programming Practice

March 13, 2012 Added by: Fergal Glynn

Whatever the intended use of your input may be, even if you employ best practices to prevent data tampering, verifying individual pieces of data both at the reading and writing stage is a good defense in depth measure that can be taken with minimal effort...

Hidebound Governments Unprepared for Cyber Threats

February 05, 2012 Added by: James Colbert

“Even if they brilliantly secure their networks, the greatest threat that organizations face is that they are still vulnerable if their minimum wage security guards are disgruntled or their physical access control systems can be easily bypassed...”

Security: Failing Gracefully, or Just Failing?

February 01, 2012 Added by: Dave Shackleford

We’re pretty good at if-then analysis for controls in security. Let’s turn it around though and start thinking if-then in the negative sense. Prevention tools and processes need to fail gracefully and lead us into detection and response mode...

The Myth of Defense in Depth

January 25, 2012 Added by: Rafal Los

There are two parts to the idea of defense in depth - there is the concept and the implementation. It's easy to talk about the concepts behind defense in depth - but to implement them effectively in today's technology landscape... well that is an entirely different cup of tea...

The Human Factor

December 24, 2011 Added by: Jim Palazzolo

When we truly understand that every server we secure, policy enforced, card swipe device locked down, banking website code scrubbed, and public facing connection port blockaded has a human being at the end we will then fully grasp the concept of "defense-in-depth"...

Following the Trail of Web-Based Malware

December 15, 2011 Added by: Mark Baldwin

The main.php script contained javascript that attempted to exploit several potential vulnerabilities. I downloaded the script and analyzed it. By inserting an “alert” statement into the script prior to the actual execution of the code, we can get a good idea of what the script does...

Size Isn't Everything

October 26, 2011 Added by: Javvad Malik

Having a long padded out password isn’t enough. Because there are a whole multitude of things that should be taken into consideration before declaring something is the answer to all your security issues. It’s a security concept called defense in depth...
