I feel like there's always been a bit of confusion when it comes to GRE and IPsec tunnels. Questions like when to use them and which was more secure are brought up frequently. Hopefully this article clears up any confusion on the differences between these two frequently used tunneling methods.
Pages
Friday, December 30, 2016
Wednesday, December 28, 2016
Vetting Out Cloud Apps Like A Pro
Putting your data in the cloud isn't an excuse to be lazy about security. The cloud makes things flexible, but it doesn't mean you skimp on security. When moving systems, applications or data into the cloud we still need to perform our due diligence to protect our assets.
Here's an article I wrote describing a few methods to vet out cloud applications before it becomes a security afterthought.
Here's an article I wrote describing a few methods to vet out cloud applications before it becomes a security afterthought.
Tuesday, December 27, 2016
Establishing A Data Protection Committe
Data security and privacy are major concerns now within enterprises and creating a data protection committee is a way to establish responsibility, strategic direction and member buy-in throughout the organization. Developing a data protection committee and brining in members from deep within the company will assist with getting insight into security concerns you might have initially overlooked.
Here's an article I wrote for CloudPassage describing the creation of a data protection committee in greater detail.
Here's an article I wrote for CloudPassage describing the creation of a data protection committee in greater detail.
Friday, December 23, 2016
What is fuzzing and why do I need it?
Fuzzing is my new favorite word and not just because it's fun to say! Fuzzing is a method used in software testing that allows for automated, or manual, techniques to input invalid, random and unexpected data in a program to see if it can generate errors. These errors can be either functional or security related and using fuzzing techniques helps develop code that's more stable and secure.
Microsoft is taking these techniques and putting them in the cloud with their "Project Springfield" initiative. Here's an article I wrote about fuzzing, Project Springfield and why you need it.
Microsoft is taking these techniques and putting them in the cloud with their "Project Springfield" initiative. Here's an article I wrote about fuzzing, Project Springfield and why you need it.
Thursday, December 22, 2016
Post Exploit Visibility
Great article from Efflux Systems discussing post-exploitation, eliminating blind spots and improving security operations via correlation and automation. There's been a lot of talk about this subject lately and they bring a good perspective to the conversation.
It's worth a read!
It's worth a read!
Wednesday, December 21, 2016
Open Season - Building Syria's Surveillance State - Privacy International
Once again, here's some great work done by "Privacy International" revealing the Syrian governments repressive surveillance state. The report dives into how they perform surveillance, the middlemen involved and how the Assad regime has used technology as a weapon against their own people.
As the report mentions, "The lead up to the Arab Spring was open season for surveillance companies - they provided technologies to eager government clients widely know to be publicly engaged in repression." Seeing the tragedy of Aleppo unfold in the media, it's hard to believe how these surveillance companies sleep at night.
Take a look at the report here: https://privacyinternational.org/sites/default/files/OpenSeason.pdf
As the report mentions, "The lead up to the Arab Spring was open season for surveillance companies - they provided technologies to eager government clients widely know to be publicly engaged in repression." Seeing the tragedy of Aleppo unfold in the media, it's hard to believe how these surveillance companies sleep at night.
Take a look at the report here: https://privacyinternational.org/sites/default/files/OpenSeason.pdf
A Look Back at 2016
Here's an article I contributed to for Tripwire tying up the some of the biggest items of the year. Lots of other really good contributors on here too.
Friday, December 9, 2016
Into the Abyss - What is Upstream Surveillance?
This is infographic made by the ACLU on "Upstream Surveillance". You can read the article in it's entirety here.
Wednesday, December 7, 2016
CLDAP DDoS Amplification is a Thing
Just about any protocol, if not protected properly, can be abused my attackers. We've see this recently with CLDAP being used in DDoS amplification attacks across the internet. In this article, I explain what DDoS amplification is and why leaving unneeded services on the internet provides attackers ammunition to quickly launch attacks against their victims. With any amplification DDoS, attackers rely on insecure, misconfigurationed or unpatched systems sitting on the public internet to be used as a weapon in their assault. At this point, our negligence in using technology properly (patching and configuration) becomes an enabler for attackers looking to abuse them for their own gain.
Monday, December 5, 2016
What happens after a malicious link is clicked?
Most security teams are focused on how to stop people from clicking malicious links, which they should be, but I don't see enough thought on what should be done after a link has been clicked. Yes, we need to spend time implementing tools that will help prevent "click happy" people, but we also need to prepare for the inevitable. Seriously, it's going to happen and it won't stop anytime soon.
So, in this article I wrote for SearchSecurity I go over a few areas we should be thinking about after a malicious link has been clicked. I think it's equally important to know how to react to these situations as it is implementing technology that will prevent it. It's a big deal.
So, in this article I wrote for SearchSecurity I go over a few areas we should be thinking about after a malicious link has been clicked. I think it's equally important to know how to react to these situations as it is implementing technology that will prevent it. It's a big deal.
Subscribe to:
Posts (Atom)