Friday, December 30, 2016

GRE Tunnels vs IPsec Tunnels

I feel like there's always been a bit of confusion when it comes to GRE and IPsec tunnels. Questions like when to use them and which is more secure are brought up frequently. Hopefully this article clears up any confusion on the differences between these two frequently used tunneling methods.

Wednesday, December 28, 2016

Vetting Out Cloud Apps Like A Pro

Putting your data in the cloud isn't an excuse to be lazy about security. The cloud makes things flexible, but it doesn't mean you skimp on security. When moving systems, applications or data into the cloud we still need to perform our due diligence to protect our assets.

Here's an article I wrote describing a few methods to vet out cloud applications before it becomes a security afterthought.

Tuesday, December 27, 2016

Establishing A Data Protection Committee

Data security and privacy are major concerns now within enterprises and creating a data protection committee is a way to establish responsibility, strategic direction and member buy-in throughout the organization. Developing a data protection committee and bringing in members from deep within the company will assist with getting insight into security concerns you might have initially overlooked.

Here's an article I wrote for CloudPassage describing the creation of a data protection committee in greater detail. 

Friday, December 23, 2016

What is fuzzing and why do I need it?

Fuzzing is my new favorite word and not just because it's fun to say! Fuzzing is a method used in software testing that allows for automated, or manual, techniques to input invalid, random and unexpected data into a program to see if it can generate errors. These errors can be either functional or security related and using fuzzing techniques helps develop code that's more stable and secure.

Microsoft is taking these techniques and putting them in the cloud with their "Project Springfield" initiative. Here's an article I wrote about fuzzing, Project Springfield and why you need it.

Thursday, December 22, 2016

Post Exploit Visibility

Great article from Efflux Systems discussing post-exploitation, eliminating blind spots and improving security operations via correlation and automation. There's been a lot of talk about this subject lately and they bring a good perspective to the conversation.

It's worth a read!

Wednesday, December 21, 2016

Open Season - Building Syria's Surveillance State - Privacy International

Once again, here's some great work done by "Privacy International" revealing the Syrian government's repressive surveillance state. The report dives into how they perform surveillance, the middlemen involved and how the Assad regime has used technology as a weapon against their own people.

As the report mentions, "The lead up to the Arab Spring was open season for surveillance companies - they provided technologies to eager government clients widely known to be publicly engaged in repression." Seeing the tragedy of Aleppo unfold in the media, it's hard to believe how these surveillance companies sleep at night.

Take a look at the report here:

A Look Back at 2016

Here's an article I contributed to for Tripwire tying up some of the biggest items of the year. Lots of other really good contributors on here too.

Friday, December 9, 2016

Into the Abyss - What is Upstream Surveillance?

This is an infographic made by the ACLU on "Upstream Surveillance". You can read the article in its entirety here.

Wednesday, December 7, 2016

CLDAP DDoS Amplification is a Thing

Just about any protocol, if not protected properly, can be abused by attackers. We've seen this recently with CLDAP being used in DDoS amplification attacks across the internet. In this article, I explain what DDoS amplification is and why leaving unneeded services on the internet provides attackers ammunition to quickly launch attacks against their victims. With any amplification DDoS, attackers rely on insecure, misconfigured or unpatched systems sitting on the public internet to be used as a weapon in their assault. At this point, our negligence in using technology properly (patching and configuration) becomes an enabler for attackers looking to abuse them for their own gain.

Monday, December 5, 2016

What happens after a malicious link is clicked?

Most security teams are focused on how to stop people from clicking malicious links, which they should be, but I don't see enough thought on what should be done after a link has been clicked. Yes, we need to spend time implementing tools that will help prevent "click happy" people, but we also need to prepare for the inevitable. Seriously, it's going to happen and it won't stop anytime soon.

So, in this article I wrote for SearchSecurity I go over a few areas we should be thinking about after a malicious link has been clicked. I think it's equally important to know how to react to these situations as it is implementing technology that will prevent it. It's a big deal.