I recently had my first guest diary published on the SANS Internet Storm Center Diary. I have enjoyed the material on the ISC site for many years and consider it an honor to contribute. I hope this is helpful information that you can use to be better prepared for your next computer security incident.
Sweet Spot – Minimize the Number of Users with Domain or Local Administrator Privileges
Gaining access to administrative accounts is often the goal of an attacker. What can you do to ensure that only the appropriately trained and fully accountable people have and maintain administrative access on your systems? This effort must start with an accurate inventory of every account with elevated access and must be strictly maintained. The […]
Sweet Spot – Patch Applications
Attacks against applications are certainly a growing threat to organizations. Some argue that as system administrators become better at configuring and patching their systems, the application is the next logical target of attack. What can be done at little to no cost to help prevent these threats to your environment? Every application that is installed […]
Security By Design
The Atlanta ISSA chapter, along with the Atlanta Society of Digital Forensics and eDiscovery, the Society of Industrial Security Professionals and the Atlanta OWASP chapter are hosting the Security By Design Conference on November 8 and 9. The conference schedule includes 7 tracks that run on both days and also features a special event on both […]
Control 4 – Secure Configurations of Network Devices Such as Firewalls, Routers, and Switches
Control 4 is similar to Control 3 in that it is concerned with maintaining a secure configuration. This time the focus is on network devices. What is the last thing you did on your network devices? Likely it was add a rule to permit a new traffic flow. When was the last time you made […]
SANS Security 401 in Chattanooga
Tonight starts my SANS Mentor class in Chattanooga, TN. I am very excited about bringing SANS training to Chattanooga. It was a lot more preparation than I expected, but I am so glad I finally decided to do it. Security 401 – SANS Security Essentials Bootcamp Style was the first SANS class I took way […]