Okay, we all have them… they’re everyone’s dirty little network security secrets that we try not to talk about. They’re the protocols that we don’t mention in a security audit or to other people in the industry for fear that we’ll be publicly embarrassed. Yes, I’m talking about cleartext protocols which are running rampant across many networks. They’re in place because they work, and they work well, so no one has had a reason to upgrade them. Why upgrade something if it’s working right? Wrong. These protocols need to go the way of records, 8-tracks and cassettes (many of these protocols were fittingly developed during the same era). You’re putting your business and data at serious risk by running these insecure protocols.
Mark will share really cool information from his pen tests – including how he was able to gain control of the entire facility of major metropolitan by exploiting a single server. How is this possible? Well, as Mark will share – once an attacker gets control of a PC, he or she is really in the dark – and one of the first things an attacker does is run a scan of all endpoints which are accessible from the compromised machine to see what is around. In Mark’s words, nothing is more frustrating to an attacker than realizing he can’t really get anywhere because of effective network segmentation.
Over the past couple of years anything with the word “cloud” in it has been selling big. It's been the ultimate buzzword in marketing and has completely clouded (pun intended) the understanding of what cloud computing actually is these days. If you ask ten people today to explain what the cloud is, you'll most likely get seven different answers. This confusion about what a cloud actually is has also left people unsure, from a security perspective, of what they should be protecting. If you're not sure what you're getting into with cloud services, how can you realistically secure them? In this blog we'll speak about a few of the high points on security while in the cloud.
Last week we held a webinar with our good friends from Qualys (you can view the recording here). The webinar discussed the integration between Qualys and AlgoSec that enables Application-Centric Vulnerability Management. One of the questions from the audience asked what happened to device hardening. Why is everyone only talking about things such as advanced threat prevention when it comes to security practices?
Heartbleed happened – find out how to deal with the fallout.
Do you ever get excited about something, perhaps a new restaurant opening in your area or a new project you get to be a part of, yet no one else seems to care? It’s how humans work. If people don’t understand the value of something, it’s hard for them to get too excited. Be it your personal life or in business, you have to remember this – especially if you work in IT or information security.