Information Security in Today's Digital Culture

Logjam Vulnerability

May 21st, 2015 | Posted by Steven Anderson in Monitoring | Security | SIEM

The TLS protocol is the current standard for secure communication over the Internet and until now had been considered highly secure. The recently discovered Logjam, a vulnerability whose results are similar to those of FREAK (Factoring Attack on RSA-EXPORT Keys), affects 8.4% of the top one million web domains. Like FREAK, Logjam …

Most organizations are going to experience a computer security incident each year. Those organizations that don’t experience an incident only avoid doing so by being blind to what is going on in their information systems. If you are even casually looking at your computers and networks, you will find incidents.

Brett Edgar

Brett is a Founder …

The latest Microsoft Security Intelligence Report (Volume 11) has been released and contains some interesting information that Microsoft has collected from the execution of its Malicious Software Removal Tool (MSRT) and Internet Explorer SmartScreen® data. Several of the results confirm what those of us in the network security monitoring community already know: Java is the …

On Centralized Logging and SIEM

September 23rd, 2011 | Posted by Brett Edgar in Logs | Monitoring | SIEM

The results of the investigation into the recent DigiNotar SSL CA breach read like a laundry list of “Things Not To Do™” on your critical servers and networks: no antivirus, no centralized logging, and outdated/vulnerable software exposed to the Internet, among other items. What’s funny about the above list is that if the breached systems …

In a previous article, I mentioned two firewall rules that every network should have: blocking outbound DNS (udp/53 and tcp/53), and blocking outbound SMTP (tcp/25). I’d like to suggest a few more rules to add to that list. The first rule to add is blocking of outbound Windows NetBIOS/SMB/RPC requests. Windows networking requests should never, …