Tag: Network Security

So, you got a pentest. Now what?

How to progress toward a truly secure organization and infrastructure after penetration testing.

You did it – you paid for penetration testing services.

Whether it was to fulfill a potential client’s request, satisfy your interest or to be compliant with some framework, you tested the mettle of your environment against white-hat hackers and came out the other side, report in hand and next steps […]

December 9th, 2019 | Penetration Testing | 0 Comments

An Introduction to Active Defense

Global research and advisory firm, Gartner, forecasts that information security spending will exceed $124 billion in 2019, yet cyber defenses continue to fail. Organizations large and small continue to experience breaches of all varieties resulting from zero-day exploits, failures in vulnerability patching, and phishing.

The market has responded with a variety of security governance and control frameworks including CIS 20, ISO 27001, […]

November 18th, 2019 | Cyber Risk Management, Penetration Testing | 0 Comments

Securing Enterprise Networks with Port-Based Network Access Control

One of the biggest threats facing enterprises is outsiders plugging directly into an Ethernet port and being granted instant, unauthenticated access to the network. This threat is especially common in hospitals where there is heavy use of computer systems mixed with untrusted outsiders roaming the halls.

Shutting down unused ports is the traditional mitigation. Still this […]

February 6th, 2019 | Cyber Risk Management, IT Audit & Compliance | 0 Comments

Differentiating Penetration Tests, Vulnerability Scans, and Risk Assessments

Penetration testing has become another hot and often misused term in the marketplace, joining the ranks of other buzzwords such as “Cybersecurity”, “Hacker” and “The Cloud”. Oftentimes, organizations confuse penetration testing with vulnerability scans or security posture assessments (a.k.a. risk assessment).

While penetration testing does include utilizing vulnerability scans and overlaps with security posture assessments, penetration testing encompasses a number […]

November 25th, 2015 | Cyber Risk Management | 3 Comments

Are Penetration Tests Worth the Risk?

I have had several conversations with executives recently about the role of penetration testing and whether or not penetration testing is worth the risk. There seem to be two schools of thought on this issue. One side argues that pen testing is inherently more risky than the risk it’s trying to mitigate; the other side calls it necessary for security hardening. Here […]

October 27th, 2015 | Cyber Risk Management | 3 Comments

AppLocker: An Alternative to Anti-Virus

Last week I had a fun IT security conversation with a client where we kicked around the idea of how we’d harden an enterprise environment so that anti-virus software wasn’t necessary. (These conversations are why I love IT Audit!)

While there are multiple solutions that would need to be in place to go anti-virus free, […]

February 5th, 2015 | Cyber Risk Management | 3 Comments

Block Unwanted Internet Traffic with a HOSTS File

One of the most common questions I am asked by my less-than-tech-savvy friends and colleagues is “How do you keep your computer from getting viruses?”

In reality, there are a lot of things you can do to avoid getting computer viruses. Perhaps the most effective is educating yourself about how viruses are actually spread and changing your browsing habits. Then there is the plethora of […]

January 15th, 2015 | Cyber Risk Management | 4 Comments

Your Home Router Could Be Vulnerable

A major vulnerability in the Belkin n750 router could allow hackers to activate the guest network functionality and join your network without any authentication requirements.

How to fix the vulnerability

Fortunately, Belkin has already patched the issue, so the only thing you need to do to solve the problem if you own a Belkin n750 is […]

November 20th, 2014 | Cyber Risk Management | 2 Comments

What is a Stateful Firewall

Stateful refers to the “state” of the connection between the outside internet and the internal network. A stateful firewall keeps track of the connections in a session table. When a packet comes in, it is checked against the session table for a match. If a match is made, the traffic is allowed to pass on to its destination.

Older firewalls (Stateless) relied […]

November 6th, 2014 | Cyber Risk Management | 2 Comments