Awareness rising?

I haven't done a poll yet, but all of the WiFi APs in my condo building in LA are using strong encryption. Was this the local installer who represents the ISP that we all use (1GB link into the building, with each unit getting 8/8 symmetrical), or are people finally waking up to the fact that they need to at least lock their WiFi the same way they do their doors? Time will tell.

News: Scammers scrape RAM for bank card data

A very good read! Always watch your account statements and watch out for new charges. The sooner you catch it the better.


Infocus: Responding to a Brute Force SSH Attack

Great write-up by Jamie Riden on SecurityFocus. And I am sure that the SSH servers in question needed to have SSH open to the entire Internet. I mean, it would be silly to take the time to write ACLs on your firewalls permitting SSH (or any protocol, really) only from specific source addresses. In English: if I were to restrict who could try to connect (e.g. trusted people or servers) to something so important, then it would be of little value for anyone else to try to attack me. Yes, there are very sophisticated hacks where you can malform headers and abuse sources to get around filters, but at least you have raised the bar, and the least common denominator isn't a kid with a scripted program. Now your IDS/IPS can detect real hackers and not the masses of drones.
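The effect of a source-address ACL on SSH noise, as an added example that is not part of the original post or of Jamie Riden's article: it replays sshd log lines against an allowlist and separates what the firewall would have dropped from the few failures left for the IDS or an analyst. The allowlist, addresses (RFC 5737 documentation ranges) and log lines are constructed for illustration, and the log format is assumed to be the usual OpenSSH syslog output.

```python
import ipaddress
import re
from collections import Counter

# Assumed allowlist: the only sources a firewall ACL would let reach TCP/22.
# Documentation ranges, constructed for this example.
ALLOWED_SOURCES = [ipaddress.ip_network(n) for n in ("192.0.2.0/28", "198.51.100.7/32")]

# Constructed sample lines in the usual OpenSSH sshd syslog format.
SAMPLE_LOG = """\
Jan 12 03:14:01 host sshd[811]: Failed password for root from 203.0.113.50 port 40112 ssh2
Jan 12 03:14:03 host sshd[813]: Failed password for invalid user admin from 203.0.113.50 port 40118 ssh2
Jan 12 03:14:09 host sshd[820]: Failed password for invalid user test from 203.0.113.99 port 51200 ssh2
Jan 12 08:30:12 host sshd[902]: Accepted publickey for alice from 192.0.2.5 port 52011 ssh2
Jan 12 08:31:40 host sshd[910]: Failed password for alice from 198.51.100.7 port 41000 ssh2
Jan 12 09:02:55 host sshd[955]: Failed password for invalid user oracle from 203.0.113.50 port 40190 ssh2
"""

EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) \S+ for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def is_allowed(src):
    """True if the source address falls inside the ACL's permitted networks."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparseable source: treat as not permitted
    return any(addr in net for net in ALLOWED_SOURCES)

def triage(log_text):
    """Return (attempts per source the ACL would drop, failures from permitted sources)."""
    dropped, review = Counter(), []
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        if not is_allowed(m["src"]):
            dropped[m["src"]] += 1          # never reaches sshd once the ACL is in place
        elif m["result"] == "Failed":
            review.append((m["user"], m["src"]))  # failure from a trusted source: worth a look
    return dropped, review

if __name__ == "__main__":
    dropped, review = triage(SAMPLE_LOG)
    print("would be dropped at the firewall:", dict(dropped))
    print("failures from permitted sources:", review)
```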

I often review very interesting, and sometimes very sophisticated, security systems for VC investors. And like Jamie's article, they address the lack of basic principles with high-cost systems that require a high level of skill. Don't get me wrong, these items are needed in conjunction with basic principles... but far too often people rely on them too much.

For example: if I were coaching football (the American kind), I would spend time inculcating basic blocking and tackling long before I would have the team learning super complicated plays and tricks to stop this week's opponent. Even after the basics are learned, they need to be reviewed. That is a part of every good security practice, and awareness of the basics and primary principles is what NetAssassin is all about.


