We specialize in implementing “Splunk for Security.” This could mean getting your firewalls and IDS devices talking to Splunk and making the logs have some meaning or taking in your vulnerability management data and breaking out alerts that tell you where your real problems are. To us, it’s all data and it’s all useful for security. I love the term “big data” because it can be applied to anything at all; kinda like the “Cloud.” (more…)
Puppet uses SSL to communicate from the puppet master to the puppet agents. Using SSL ensures that all communication from the agent to the master is encrypted. This is especially important when you consider the facts are being transmitted via factor. These facts include a lot of low level system information including ip addresses, os, and even ssh keys. Encryption is a must because of this. Luckily, puppet has built this in and the puppet certificate manager makes managing this easy.
(more…)
Information security professionals often find themselves filling a critical but unique role within an organization. An effective security approach must balance required business operations and system availability while still ensuring the confidentiality and integrity of these same systems. Systems that are absolutely secure are not usable. Likewise, systems that are completely usable are absolutely not secure.
(more…)
When you are hiring a third party web developer you need to consider several things so I’ve attempted to prioritize the things you will want to ask in this list. These are in no particular order of importance. The answers I have provided are only examples, as acceptable answers will vary based on your web application and company needs.
(more…)
Typically, one of the early things a new user on a Unix-like system will encounter is the need to understand the unix file permissions system. (more…)
This is not a nice post. This is not a post about posing great interview questions or how to tell if someone can actually do the job. No, this is a post about how to watch out for people you want to hire to help your company. You know the ones – the con-sultants, the slick ones, the rockstars, the ones you should fear. Some of these guys can be worse than the actual bad guys and here are five things to look for when you’re trying to spot them.
(more…)
I have a few pet peeves (okay maybe a lot more than a few) but some of them really do have a basis in reality and aren’t just blind rage. This one falls into the “based in reality” category and really enrages me. Every once in awhile I register for some security training because, well, I’m curious as to what else is out there and because I want to learn things I don’t already know…crazy right?
(more…)
This deviates from our normal security discussion, but I’m a developer and this problem has plagued us for a number of days. Turns out the solution is only a few days old, so there’s limited information available out there. Hope this helps!
(more…)
A few days ago, I had the “pleasure” of checking in to the Urgent Care center in my neighborhood hospital. When I was triaged I was issued a nifty little bracelet that had some information printed on it. Nothing major, just my patient number, name, sex, birth date and some other random looking codes on there.
(more…)
If something fishy is going on with an email you received, you should definitely trust your intuition. Email phishing scams have become an easy way to lure recipients into sharing personal information or clicking on links that install harmful computer malware.
(more…)
