WiFi – PCI compliance: Why is it Important?

New devices and old alike: The issue with WiFi is that it is a network piece that can bite you if you are not aware of it. In PCI compliance, the relevant section for the testing of wireless networks (besides the sections for configuring your device correctly at 4.1) is 11.1: …

Is The Firewall Useless? or Less Useful?

Even a Next Generation Firewall (NGFW) will not save your network if the fundamental architecture is designed to prevent the firewall from working properly. Asaf Cidon posted the following at InformationWeek Dark Reading: http://www.darkreading.com/endpoint/why-the-firewall-is-increasingly-irrelevant/a/d-id/1320800

Obviously a firewall protects machines and users that are behind the firewall. So, as Asaf rightly points out, when the user data is …

HIPAA Enforcement: 10% of any covered entity will be audited, says Office for Civil Rights

At Showmecon (www.showmecon.com – June 8, 9 2015) I went to a HIPAA compliance talk by Hudson Harris, “HIPAA 2015 - Wrath of the Audits”. It was an excellent talk by Hudson Harris (@legallevity, his Twitter account), and this is my report (or what I got out of it): 1. 10% of all HIPAA covered …

Review Your Logs as Determined by your Annual Risk Assessment

That is what PCI (Payment Card Industry) DSS (Data Security Standard) v3.1, April 2015, says at 10.6.2 and 10.6.1. This makes sense, right? Review your logs for security events, and of all critical components and systems. The list of critical systems: firewall; any email server (Proofpoint, antispam, etc.); fileserver; IPS/IDS system (Intrusion Prevention-Detection System); routers …