HackDig : Dig high-quality web security articles for hacker

SCM: Reducing Security Risk via Assessment and Continuous Monitoring

As I discussed in a previous blog post, a key security control known as file integrity monitoring (FIM) helps organizations defend against digital threats by monitoring for unauthorized changes to their system state. But that’s only half the battle. A change could be authorized but still create new security risk. Organizations need to watch for these t
Publish At:2017-03-23 16:10 | Read:2310 | Comments:0 | Tags:Featured Articles Security Configuration Management complian

Understand and Managing Change: Why We Shouldn’t Rely on the Human Element

At some point in our lives, we have all experienced a time when we had something break, quit working, or at the very least not work the way we expected. After exhausting our personal skills in trying to figure out how to fix the problem, we end up calling the repairman – the expert that will help us get back on track.In the IT Ops and IT Security worlds, the
Publish At:2016-11-12 22:57 | Read:2277 | Comments:0 | Tags:Featured Articles Security Configuration Management Change I

Advanced Malware Detection and Response Begins at the Endpoint

It’s no secret the security community is witnessing a boom in sophisticated techniques and attack campaigns. Some of the most advanced threats circulating in the wild today leverage polymorphic malware that changes its form based upon the environment in which it activates. As a result, signature-based detection solutions have a difficult time detecting
Publish At:2016-08-29 10:50 | Read:2165 | Comments:0 | Tags:Incident Detection digital threats EDR endpoint log manageme

SCM: Balancing Security, Availability and Performance

An organization’s computer network is never fixed. It is constantly changing. To illustrate, as a company continues to grow, it might adopt a different mission that requires the installation of new endpoints onto its network. Additionally, with the detection of new exposures, security teams will need to update all critical devices running the vulnerabl
Publish At:2016-08-17 06:20 | Read:3155 | Comments:0 | Tags:Featured Articles Security Configuration Management EDR endp

Looking at Configuration Management in a Different Light

When you hear the phrase ”Information Security,” the first thing that comes to mind to most people are topics like access control, application hardening and policy enforcement. While these are all valid areas that need consideration, there’s one element that remains that is not necessarily captured by those areas – the human element.Maintaining a secure infr
Publish At:2015-11-06 02:40 | Read:2579 | Comments:0 | Tags:Featured Articles Security Configuration Management BSides W

It’s Time for Security to Embrace DevOps and SDN

According to a test I just took, I type at a speed of 94 words per minute. While typing the 92 words required for that test, I made 3 different mistakes. That’s a 3% error rate. Apparently the average error rate is about 8%.As noted in 2007 by this fascinating (well, it was fascinating to me at the time) blog on average typing speed and rates:“The impl
Publish At:2015-09-03 15:25 | Read:7418 | Comments:0 | Tags:Featured Articles Security Configuration Management breach D

Why Security Configuration Management Matters

In the Godfather Part II, Michael Corleone says, “There are many things my father taught me here in this room. He taught me: keep your friends close, but your enemies closer.” This lesson Vito Corleone taught his son Michael is just as applicable to IT security.Today’s cyber threat landscape is extremely challenging. This is highlighted by the length of time
Publish At:2015-09-01 10:40 | Read:4554 | Comments:0 | Tags:Featured Articles Security Configuration Management Council

unSecuring TNS Listener in 10g and Beyond

Prior to the release of Oracle 10g, the TNS Listener by default was not secured with a password. In the default state, anyone who could access the TNS Listener remotely could issue commands to it, including shutting it down. The TNS Listener had two security settings: ‘OFF’, the default state, without a password set, and ‘ON’ when a p
Publish At:2015-08-13 09:00 | Read:2214 | Comments:0 | Tags:Featured Articles Security Configuration Management 10g Auth

5 Practical Steps for Proactive Hardening of Your WS2003 Systems

If you read my previous post about Microsoft ending extended support for Windows Server 2003 (WS2003) on July 14, 2015, you’re familiar with what that means – Microsoft will not be providing further security patches, hot fixes, or software updates without a costly extended support agreement.“Many IT teams are very comfortable using Windows Server 2003
Publish At:2015-06-26 15:10 | Read:4206 | Comments:0 | Tags:Featured Articles Security Configuration Management 2015 Dat

Why Regin Malware Isn’t the Next Stuxnet

Earlier this week, Symantec issued a report about the Regin family of malware. The malware itself appears to be sophisticated enough that many security analysts and researchers believe it was developed by a government specifically for cyber espionage.This family of malware has been compared to Stuxnet; however, this is a poor comparison since Regin does not
Publish At:2014-11-27 10:45 | Read:2838 | Comments:0 | Tags:Incident Detection Security Configuration Management malware

Where Does Security Rank When Choosing Your New Language?

Here in Portland, Oregon, we just completed another OSCON conference, where functional languages received even more attention than previous years.As our system architect, I try to keep an eye on these trends, particularly if they can help our Tripwire engineers become more effective coders and most importantly, more secure coders.I found the following papers
Publish At:2014-08-10 14:08 | Read:2324 | Comments:0 | Tags:Off Topic Security Configuration Management Clojure function

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud