VLAN Hopping Defeats Segmentation

When we set up a network, we segment it. The firewall protects the inside network, and the inside network's critical systems are separated from the rest of the devices. Also, for compliance reasons one needs to segment networks. So the hacker wants to see all the computers… (how?) VLAN hopping. http://www.blackhat.com/presentations/bh-usa-02/bh-us-02-convery-switches.pdf This is …

Security Triangle+ People Process Technology+

As other blog posts have mentioned in the past: Schneier: https://www.schneier.com/blog/archives/2013/01/people_process.html http://www.computerweekly.com/blogs/david_lacey/2013/01/we_need_more_use_of_security_t.html Here is the “Security Triangle”: People, Process, and Technology. Image from: http://www.business2community.com/online-communities/social-intranets-merging-people-process-and-technology-0126252 Even though the image above is for social media, I like it because it shows the number of items in People that must be behind your new security push. “Security People” …

What is Your Risk Level?

We are talking IT security risk – not financial or other security. IT security risk – how to define it? Colors: Green, Yellow, Orange, Red? Numbers 12345, or wording – low, med, high. Image from BCM – Business Continuity Management Institute. But whatever we use it may not be very accurate in …