Network Security
Two New SQL Security Books from Syngress
November 29, 2012 Added by: Ben Rothke
Since SQL is so ubiquitous on corporate networks, with sites often running hundreds of SQL servers, SQL is prone to attacks. SQL injection is a technique often used to attack databases through a website and is often done by including portions of SQL statements in a web form entry field...
Comments (0)
Fifteen Tips to Improve Your Infosec Risk Management Practice
November 29, 2012 Added by: Tripwire Inc
For years security vendors have been able to play off the general fears of malware and cyber attacks. As the scope of protecting data has become more complex, we’ve slowly learned that deploying more security controls alone is not a risk management solution...
Comments (0)
Pen Test vs. Vulnerability Scan: You know the difference, but do they?
November 28, 2012 Added by: Stacey Holleran
Small business owners often don't have someone who is versed in network security. So when they are told they need a “network penetration test” to comply with PCI DSS, many will contact the growing number of companies offering inexpensive testing services...
Comments (5)
Our Massively Dysfunctional Cyber System
November 28, 2012 Added by: Joel Harding
What should be done to stop theft of intellectual property by state actors (China) would require a Presidential Finding but our leadership structure is devoid of real leaders. That is not a political statement, that is a statement about our country...
Comments (0)
European Commission supports research on Cyber security
November 28, 2012 Added by: Pierluigi Paganini
Cyber security is considered a primary target for every government; the increase of cyber criminal activities, state-sponsored operations and the rise of hacktivism require the use of additional resources to counteract these phenomena...
Comments (0)
Windows 8 Forensics: Recycle Bin
November 27, 2012 Added by: Dan Dieterle
The purpose of this project is to determine key differences between the Windows 7 and Windows 8 operating system from a forensic standpoint in order to determine if there are any significant changes that will be either beneficial or detrimental to the forensic investigation process...
Comments (0)
Proactive defense, humans or machines… that’s the question
November 27, 2012 Added by: Pierluigi Paganini
Cyber conflicts are characterized by the necessity of an immediate cyber response to the incoming cyber threats; in many cases the reaction must be instantaneous to avoid the destruction of assets and resources. The human factor could represent an element of delay...
Comments (0)
Low-Cost Ways to Make Your Network More Secure
November 26, 2012 Added by: Marc Quibell
There are improvements you can introduce that are seamless, low-cost, don't present a new burden to your users, and/or are easy to implement. So in between your major IT Security projects that may or may not happen, why not improve your security posture and lower your overall risks?
Comments (2)
Windows 8 Security in Action: Part 2
November 22, 2012 Added by: Dan Dieterle
I have noticed some changes in the way Microsoft handles their different service account passwords over the past few weeks. It first started a while back when using Microsoft Live mail. One day when I typed in my legitimate password to my e-mail account, I received this error message...
Comments (0)
Defending Your Digital Domain Redux: Take 2
November 21, 2012 Added by: Rafal Los
I'll start with I'm not an expert on 'cyber warfare' or a lawyer offering legal advice, in fact I'd simply rather not touch that whole angle at all. I'm much more comfortable addressing this issue as it came up today from a more sensible perspective. What follows in this post is an editorial opinion...
Comments (0)
Modernizing Physical Security and Incorporating Best Practices Into New Assets
November 18, 2012 Added by: Michele Westergaard
Cyber security threats to the utility industry are increasing in number and sophistication. The North American Reliability Corporation (NERC) is increasing the Critical Infrastructure Protection (CIP) regulatory requirements to ensure facilities are meeting basic standards in this area...
Comments (0)
LTE networks vulnerable to jamming, a question of national security
November 18, 2012 Added by: Pierluigi Paganini
"These comments describe extremely effective attacks can be realized, using fairly low complexity. It would be in the interest of public safety to take measures to reduce the vulnerability of Public Safety LTE, and lower the likelihood of an effective jamming attack..."
Comments (0)
Unconventional Defense - Taming a wild environment with CCRM
November 15, 2012 Added by: Rafal Los
Configuration, Change and Release Management is crucial to being an effective information security organization in an enterprise, large or small. If you don't have a handle on the rate of change in your enterprise, you have absolutely no hope of effectively securing anything...
Comments (0)
Never Attribute to Malice, But Always Verify
November 15, 2012 Added by: Fergal Glynn
FX did find hardcoded local bootloader passwords. These would require physical access and are the types of hardcoded passwords commonly found in networking gear and appliances. Yes a vulnerability but not likely nefarious...
Comments (0)
Reverse Deception: Organized Cyber Threat Counter-Exploitation
November 14, 2012 Added by: Ben Rothke
Every organization of size and scope is a target, and many of the world’s largest firms and governments have been victims. In Reverse Deception: Organized Cyber Threat Counter-Exploitation, Dr. Max Kilger and his co-authors provide an effective counterintelligence approach in which to deal with APT...
Comments (0)
Why Least Privilege Management is Essential to the new NIST Risk Assessment Guidelines
November 13, 2012 Added by: Paul Kenyon
NIST guidelines that were updated last month make multiple references to privileged users and/or administrators, who are deemed both major threat sources and enablers of risky events. When it comes to these standards, taking a least privilege approach to security is a major step towards protecting organizations...
Comments (1)
- Over-Sharing Riskier than Government Snooping
- 20 Critical Security Controls: Control 13 – Boundary Defense
- Redefining Social Networking
- Creating Your Own Privacy & ROI
- Security Intelligence for the Enterprise - Part 1
- Why are Cybercrimes NOT Always White-collar Crimes?
- From the SMB to Security Guru: Five Ways IT Pros Can Manage Security on a Budget
- Balancing Act Between Privacy and Security
- The NSA’s Word Games Explained: How the Government Deceived Congress in the Debate over Surveillance Powers
- NSA Surveillance Is Legal And Not Targeting Average Americans, Says Texas A&M Professor




