Is My Datacenter Agile? Tips to Help Simplify the Datacenter Security Policy Migration Process

When working with some of the largest organizations in the world, I find that many are now asking me: just how agile is my data center? How easy would it be to migrate it to a cloud-based platform?


Avoid the Traps: What You Need to Know About PCI Requirement 1 (Part 3)

So we’ve made it to the last part of our blog series on PCI 3.0 Requirement 1. The first two posts covered Requirement 1.1 (appropriate firewall and router configurations) and 1.2 (restrict connections between untrusted networks and any system components in the cardholder data environment). In this final post we’ll discuss the key points of Requirements 1.3-1.5, and I’ll again give you my insight to help you understand the implications of these requirements and how to comply with them.


Avoid the Traps: What You Need to Know about PCI Requirement 1 (Part 2)

We’ve now reached part two of our three-part series on PCI Requirement 1. In our previous blog post we reviewed the 1.1 sub-requirement, which covers firewall and router configurations. In this post we move on and take a detailed look at PCI Sub-requirement 1.2: Build firewall and router configurations that restrict connections between untrusted networks and any system components in the cardholder data environment.


How to Define, Simplify and Enforce Network Segmentation and Security Zoning

Following our recent webinar on “Segmenting Your Network for Security: The Good, the Bad and the Ugly”, our own CTO, Professor Wool, has produced a new “security management 201” video, where he provides his own tips on how to define network segmentation and security zoning.


Are You Positive Your PoS is Secure?

As we have recently seen in the news, Point-of-Sale (PoS) systems have become a prime target for hackers. While debit and credit card transactions have increased exponentially every year, security of PoS devices is just catching up. In light of these breaches and in conjunction with my current blog series on PCI Requirement 1, here are a few tips to help you secure your PoS systems and comply with PCI.


Mission Impossible: Network Segmentation War Stories from a Frontline Pen Tester

A couple of weeks ago Mark Wolfgang, CEO of Shorebreak Security, gave a fascinating webinar on a recent engagement where his organization undertook a pen test of a major metropolitan city complex. As part of the test they found that they could gain access to the employee card reader system – a system that controlled access to the police gun lockers, evidence lockers, holding cells, narcotics vault, guard workstations, the mayor’s office, server rooms – basically any door in the entire city complex!
