When organizations consider outsourcing applications or processes to cloud providers, there are many areas to evaluate carefully. Security is always near, or at the top of the list. Of the many facets of security to evaluate when selecting cloud providers, asking for disclosure of relationships to other cloud providers or third parties of interest is one not to forget. Let’s examine a simple scenario where this could impact your ability to meet compliance and/or regulatory requirements. (more…)
July 10, 2012
Cloud Security: Transitive Relationships
Posted by Robert under Cloud Security, I.T., Security | Tags: Cloud Security |Leave a Comment
July 9, 2012
The time has arrived! Malware Monday, as some have labeled it. The FBI has shut off the DNS servers it maintained to allow those infected with the malware to continue to operate and provide additional time for cleanup. The malware re-directed web site requests to sites where the its authors could make money off of advertising — so called “click hijacking.” And make money they did — supposedly about $14 million USD. (more…)
June 12, 2012
Passwords: Are They Hopeless?
Posted by Robert under Encryption, I.T., Security | Tags: Password Security, Passwords |Leave a Comment
With millions of passwords stolen from LinkedIn, eHarmony and Lastfm.com in the past few weeks, it is a good idea to re-think your password strategy. It should certainly make it clear that re-using one or even several passwords across many web sites can be dangerous. But creating and remembering individual passwords for the ever-growing collection of web sites that comprise our digital lives can be daunting. What should you do? (more…)
June 11, 2012
Enterprise IP Address Schema: A Precursor to Security Zones
Posted by Robert under I.T., Networking, SecurityLeave a Comment
Networks, like the enterprises they support, evolve over time. It is extremely rare that one has the opportunity to re-evaluate the underlying assumptions behind a logical network design and the IP address schema, and with the advantage of hindsight, make course corrections that can provide flexibility and accommodate the security controls needed now and into the future. Such an opportunity may only come along once a decade or more. Most corporate enterprises did not connect to the Internet until the late 1990′s or early 2000′s, and their experience with TCP/IP was limited, but many are still living with the choices made long ago. If you could re-design your enterprise network IP address space today, what would you change? The example that follows provides one such way for a large private network. Of course you have to have a driver for undertaking such a project and the creation of security zones is a good one! (more…)
June 8, 2012
Security Zones: A Strategy for Managing Risk
Posted by Robert under I.T., Networking, Security | Tags: Security Zones |Leave a Comment
Establishing isolated security zones within an enterprise network is an effective strategy for reducing many types of risk, and this is especially obvious when one considers how permeable networks are today. The old perimeter defense model is no longer sufficient. Some would argue it is no longer necessary — that de-perimeterization is inevitable, we should prepare for a future of blended networks without clear boundaries and security should be moved inward. Ultimately, all security is about protecting a valuable asset – data – but that protection involves a defense-in-depth strategy that includes all layers. (more…)
November 3, 2011
Big Enterprises: Why do they move so slowly?
Posted by Robert under Uncategorized | Tags: Agile Enterprises, Agility |1 Comment
If you work in a big enterprise, you will undoubtedly find yourself frustrated with the lack of agility in moments that would seem to demand immediate course corrections. Although a measured response is often appropriate, what elements in the culture and structure of corporate and government behemoths prevent quick and decisive action when it is clearly needed? (more…)
August 18, 2010
Ever upgraded SSH, either due to a major patch or an operating system upgrade and run into the following?
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that the RSA host key has just been changed. The fingerprint for the RSA key sent by the remote host is 93:d4:93:67:fa:4e:53:7d:2c:aa:0d:4b:8e:60:4d:eb. Please contact your system administrator. Add correct host key in /<user home directory>/.ssh/known_hosts to get rid of this message. Offending key in /root/.ssh/known_hosts:4 RSA host key for host.example.com has changed and you have requested strict checking. Host key verification failed.
