• Home
  • /Archive by category ' Cyber Security '

Archive For: Cyber Security

The Assumed Breach Model – A Practical Approach Part 3

In Part 1 of this series I gave a brief overview of  the assumed breach model of security.  In Part 2, I dove into some details about major components to implementing the assumed breach model.  In Part 3, I am going to provide some concise, real world steps to moving toward this mindset within an ... Read More
 

#Spectre and #Meltdown – What do we do?

Seems like now about every 6 months or so every asks this same question about some new vulnerability.  The answer should be the same, do the same thing you should have been doing before this vulnerability came out. In an Assumed Breach model of security, these vulnerability would have already existed, and your other network ... Read More
 

The Assumed Breach Model – A Practical Approach Part 2

In Part 1, I gave a brief overview of the Assumed Breach model.  In this part, I will begin to dive a little deeper into some of the areas where the assumed breach model can focus.  I am going to cover three areas: Network Segmentation Tiered Accounts and Access Control Log Management and Threat Hunting ... Read More
 

10 Immutable Laws of an Assumed Breach

A few years back Microsoft released a set of 10 Immutable Laws of Security. These are tried and true and should be a foundation of security posture.  I have been developing some information around the Assumed Breach model of security.  You can read about it in a series of blog posts I am going to ... Read More
 

The Assumed Breach Model – A Practical Approach Part 1

This is something I have been socializing for a while now, but I thought it was time to start putting some of thoughts down in writing. So what is the assumed breach model of security? To put it simply, it is a security strategy that assumes any given endpoint is breached and controls risk as ... Read More
 

Windows Event Log Management Presentation

I recently presented a brief presentation to the Central Alabama ISSA Chapter on Windows Event Forwarding (WEF).  I have a previous blog with a number of resources for getting WEF up and going.  The main point of this presentation was to point out the simplicity of WEF and for people to consider what they are ... Read More
 

Risk of using VNC in an Enterprise Environment

VNC is a protocol used by a number of products for remote viewing and control of devices.  I am also including services such as X11 in this discussion.  Ultimately, this includes any remote viewing software that is not native to an application that runs persistently on the end device. Identity Access Management Software like this, ... Read More
 

WannaCry – Sifting Through The Hype

There has already been a number of blog posts and analysis of the WannaCry ransomware attack.  I am not going to attempt to add any detail to that.  I do find it helpful to have a consolidated list of well sourced resources. Bottom Line Rollout MS17-010 to any systems that don’t have it If you ... Read More
 

IaaS and the Shared Responsibility Model

  A note to vendors: Infrastructure as a Service (IaaS) != secure/compliant applications, it can, but doesn’t by default. Why are people putting their servers and applications in IaaS providers like AWS and Azure? They can get a cheap, fast and secured data center to host their servers/applications. But that doesn’t mean they get the ... Read More
 

NIST Guide for Cybersecurity Incident Recovery

NIST, National Institute for Standards and Technology, just released a new guide for incident response and recovery for a cyber security incident. What is a Cyber Security Incident? According to NIST Special Publication 800-61, Computer Security and Incident Handling Guide, an event is any observable occurrence in a system or network. Events include a user ... Read More