Making Security Great Again

Since October was Cyber Security Awareness Month, we decided to look at what’s holding back our efforts to make security—to coin a phrase—“great again”. In this episode, the Inside Out Security Show panel – Kilian Englert, Kris Keyser, and Mike Buckbee – shared their thoughts on insider threats as discussed on a recent Charlie […]

Definitive Guide to DNS TTL Settings

DNS is a foundational piece of technology. Nearly every higher-level network request, all internet traffic, web searches, email, etc. rely on the ability to resolve DNS lookups (translate names like some.domain.org to IP addresses or other domains). We wanted to write about Time To Live (TTL) as most sysadmins don’t interact with DNS configurations […]

Overheard: “IT security has nothing to learn from the Mirai attack”

After my post last week on the great Mirai Internet takedown of 2016, I received some email in response. One of the themes in the feedback was, roughly, that ‘Mirai really doesn’t have anything to do with those of us in enterprise IT security’. Most large companies probably don’t have hackable consumer-grade CCTV cameras or […]

Data Privacy Attorney Sheila FitzPatrick on GDPR

We had a unique opportunity in talking with data privacy attorney Sheila FitzPatrick. She lives and breathes data security and is a recognized expert on EU and other international data protection laws. FitzPatrick has direct experience in representing companies in front of EU data protection authorities (DPAs). She also sits on various governmental data privacy […]

The Mirai Botnet Attack and Revenge of the Internet of Things

Once upon a time in early 2016, we were talking with pen tester Ken Munro about the security of IoT gadgetry — everything from wireless doorbells to coffee makers and other household appliances. I remember his answer when I asked about basic security in these devices. His reply: “You’re making a big step there, which […]

When Security Is Low, How Do We Go High?

Our inspiration for this week’s show was Michelle Obama’s popular catchphrase, “When they go low, you go high.” Don’t worry, our next episode will also have a fun Republican catchphrase. In this episode, the Inside Out Security Show panel – Kilian Englert, Kris Keyser, and Forrest Temple – discussed how low the security of our favorite […]

The Difference Between Share and NTFS Permissions

Last week when I wrote about managing privileged accounts, I knew I had to write about share and NTFS permissions. Understanding the difference is critical to sharing local resources with others on the network. They function completely separately from each other but serve the same purpose – preventing unauthorized access. Share When you share a […]

SQL Server Best Practices, Part II: Virtualized Environments

This is a multi-part series on SQL Server best practices. Read part I here. It is 2016 and some people still think SQL Server cannot be run on a virtual machine. SQL Server can successfully run in a VM but SQL is resource-intensive by nature and so if you are going to virtualize SQL then […]

VIP Data Security Lessons From the Hack of Colin Powell’s Personal Email Account

Are C-levels, high-government officials, and other power elite really all that different than the rest of us? We now know after email hacks involving former Secretary of State Colin Powell’s Gmail account, former CIA director John Brennan’s AOL account, and the Gmail account of John Podesta, a top advisor to the Democrats, that they are, but not for the […]

How to Manage Your Privileged Accounts and Protect Your Crown Jewels

When a breach happens, the first question people ask is, “What did the company do wrong?” The short answer is: it depends. However, we do know one mistake many companies unknowingly make is allowing regular users access to the local administrator account. And hackers take advantage of that. “Hackers are trying to get in, and […]

HIPAA and Cloud Provider Refresher

As far as regulators are concerned, the cloud has been a relatively recent occurrence. However, they’ve done a pretty good job in dealing with this ‘new’ computing model. Take HIPAA. We wrote that if a cloud service processes or stores protected health information (PHI), it’s considered, in HIPAA-ese, a business associate or BA. As you […]
