after upgrading systems check for new services running

After upgrading check for new services as the Internet Storm Center noted after a firewall operator noted new streaming data coming to/through firewall.

Upgrading the NAS server caused a media streaming service to turn on.

 

And that is how it starts. After an upgrade some months ago a service is turned on, even though one does not notice.

Then some time goes by and a vulnerability opens within the system.

Now the hackers can target the system.

Check your systems with Alpha or Sigma(Σ)

 

 

Keep an eye on CERT – New website look

CERT – Community  Emergency Response Center  for computers was created in 1988 in response to the Morris worm.

The CERT organization I am talking about is based out of Carnegie Mellon(Software Engineering Institute), and has helped the computer industry with their insight and tools

The CERT tools link.  There are some good tools to use in combating various issues, including finding insecure application instances,

forensic tools, virtual machine reboot recovery, and more.

New Google Chrome vulnerability

Patch your Google Chrome –

From cve.mitre.org

Why would a Google Chrome vulnerability be important? because if you happen to bump into a nefarious website

(unbeknown to you) it will affect your Google Chrome  and then little by little the hacker will gain more information.

Pretty soon there will be open ports that you may not know about and those ports are “phoning home” to the master.

 

Scan your systems(with A or Σ) to see if you have rogue applications on your systems.

 

The security dilemma

Information Security has a dilemma:

the problem is that we don’t want to be seen(interfere) with whatever the user wants to do, but yet there

need to be secure transactions. The security of our network and applications need to be part of Information technology actions.

The website, email and network traffic needs to get where it is supposed to go without interference or eavesdropping.

But in network security we have many types of grey areas.

False positives, negatives, and many Heisenberg principle issues (i.e. if you want to view network traffic you may be altering the traffic itself)