1. Obtain a technology that will be able to see the attacker trying to communicate with the attack software(malware etc) in your network. This system should have the capability to remove network traffic if it does not pass your rules. The NGFW Next Generation FireWall with an included Intrusion Prevention System(IPS) can get this job … Read more
Why can’t I just use an automated service like http://www.trust-guard.com ? One reason to reconsider only using Trust-guard is that it is not QSA certified from the PCI Security Standards council: https://www.pcisecuritystandards.org/approved_companies_providers/qsa_companies.php As a pentester (penetration tester) we use a QSA certified tool to verify vulnerability assessments on your resources. (such as Nessus) we have also used … Read more
As you may know SSL is the security standard upon the encrypted Internet was first built. the Secure Socket layer is no longer secure though. If you read our POODLE (Padding Oracle On Downgraded Legacy Encryption)post: http://oversitesentry.com/the-sslv3-vulnerability-fix-and-explanation/ It showed the current reality of SSLv3 (the latest version) is no longer secure. And thus it is … Read more
Moving to the Cloud is important for the “next” level of IT in the board room(the Chief xO’s and directors…) all you need is a browser in “the cloud” Why? Now we can have computing at our desktops and mobile devices without the local infrastructure. We don’t need those specialist IT people (I … Read more
2014 was the “Year of the Breach” they say with the usual credit card breaches: Home Depot, Target and more… The clincher was the ultimate attack with Sony corp that brought the network down completely. It was an unusual attack, since the attackers actually stole data and then deleted it. Thus the network became unusable. … Read more