Archive for 'Security Tools' Category
Vulnerabilities come in all shapes and sizes and while operating system patch management has largely been simplified with tools like WSUS, there is still a high degree of risk due to many popular third party applications and the lack of any centralized patching mechanism for maintaining those installations. Vendors such as Adobe and Mozilla regularly release updates for their software packages, but managing those updates has been an arduous task for many system administrators. Until recently, the only centralized option was to create your own MSI packages and deploy them via group policy or SCCM.
In November 2011, the FBI replaced rogue DNS servers with clean servers to prevent millions of Internet users infected with the DNSChanger malware from losing Internet connectivity when the members of a ring where arrested during Operation Ghost Click. However, the court order allowing the FBI to provide the clean servers is set to expire on March 8, 2012. Computers that are infected with the DNSChanger malware may lose Internet connectivity when these FBI servers are taken offline.
One audit test we perform that sets us apart from many audit firms is a review of code, content, and infrastructure using the OWASP Top Ten Vulnerabilities as a framework.
I just got off the phone with Dan after he spent the last couple of days at the Indiana Bankers Association’s IT Security Conference. He said it went great! Lots of good information and wonderful speakers. Long story short: I’m a multi-tasker. So, while discussing the conference, I needed something to do to fill that multi-tasking gap (I couldn’t work on the IT Audit report and listen to him at the same time). This is what I did…
Establishing a Security Culture . . . Which is it, the chicken or the egg? Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . My curious question is this: Do you have enough of a security culture to talk your management team into taking an assessment […]
Mark your calendars! The Indiana Bankers Association has scheduled their IT Security Conference for 2010.