securitycompliance

Pentesting – what is it actually?

Posted on

Penetration testing are several acts on various computers and systems.   First in “recon”  one checks the public profile of the company. Use scan tools, nmap, hping, scapy, burp suite,  and others to check the target computers out.  (this is the Alpha scan)   Then one can use a few pre-built tools to review vulnerabilities […]

securitycompliance

The challenges of Security in a map

Posted on

This is one of the many mindmaps from Aman Hardikar: You can see that it is not only network firewalls and websites that need to be reviewed.   A security architecture needs to be developed from security principles within procedures and goals laid out within business objectives.  

securitycompliance

Sample report

Posted on

we have placed a sample evaluation on our fixvirus.com site (the alpha-A scan) Here we have scanned a server and found it had a few services turned on that should not have been. (Telnet and ftp should be replaced with a secure version, such as ssh and scp) The web services need to be tested […]

securitycompliance

Keep an eye on CERT – New website look

Posted on

CERT – Community  Emergency Response Center  for computers was created in 1988 in response to the Morris worm. The CERT organization I am talking about is based out of Carnegie Mellon(Software Engineering Institute), and has helped the computer industry with their insight and tools The CERT tools link.  There are some good tools to use […]