How to Define, Simplify and Enforce Network Segmentation and Security Zoning

Following our recent webinar on “Segmenting Your Network for Security: The Good, the Bad and the Ugly”, our own CTO, Professor Wool, has produced a new “security management 201” video, where he provides his own tips on how to define network segmentation and security zoning.

Are You Positive Your PoS is Secure?

As we have recently seen in the news, Point-of-Sale (PoS) systems have become a prime target for hackers. While debit and credit card transactions have increased exponentially every year, the security of PoS devices is just catching up. In light of these breaches and in conjunction with my current blog series on PCI Requirement 1, here are a few tips to help you secure your PoS systems and comply with PCI.

Mission Impossible: Network Segmentation War Stories from a Frontline Pen Tester

A couple of weeks ago Mark Wolfgang, CEO of Shorebreak Security, gave a fascinating webinar on a recent engagement where his organization undertook a pen test of a major metropolitan city complex. As part of the test they found that they could gain access to the employee card reader system – a system that controlled access to the police gun lockers, evidence lockers, holding cells, narcotics vault, guard workstations, the mayor’s office, server rooms – basically any door in the entire city complex!

Firewall Migration: 3 Tips To Help Make The Process Easier

It goes without saying that security is the cornerstone of any organization today. This includes ensuring access to corporate data is secured, connectivity to the data center from both internal and external users is secured, and that critical security updates are installed. Now comes the big question: what if you have to migrate your security policy to a new platform?

Avoid The Traps: What You Need To Know About PCI’s Requirement 1

So you’re going through a PCI assessment for the first time and you start reading through the requirements mandated by your Qualified Security Assessor (QSA) and the PCI Council auditor. Naturally you start with the first Requirement: Install and maintain a firewall configuration to protect cardholder data. Well, you have a firewall installed and the last time you checked there were rules configured, so you can just move on to Requirement 2, right? Wrong! This Requirement can make or break your assessment. Without the proper configurations, audit tracking, proof of compliance, etc., you’re going to be hard pressed to pass it.

Three Tips for Creating an Effective Security Change and Process Control Strategy

We’re at the stage where modern enterprises now directly rely on their data center to run their businesses. And security – protecting what’s actually living in the data center – is one of the most critical issues for businesses today. So how do you control security? How do you create a process to manage change within security policies?
