Executing an Effective Security Program (August 12, 2018)
In today’s globally Internet-connected and Internet-reliant IT environment, corporate networks becoming compromised is a fact. Defense in depth is still an important design pattern, but organizations with even relatively mature capabilities are relying on detection since …

BlockSync Project (December 3, 2015)
Welcome to the BlockSync Project. This project aims to provide an efficient way to provide mutual protection from deemed bad actors that attack Internet-facing servers. The result will be an open source set of communication tools that use established …

Trade-offs of the terrible syslog protocol (August 15, 2013)
syslog is a very old message transmission protocol that transmits system messages across a network. The first versions of this protocol were drafted into RFC 5426. Some assumed updating the transmission to use TCP would make things better, and the …

Malware Investigation Tools and Notes (May 30, 2013)
Investigating possible malware involves both detection and identification phases. Here are some notes regarding the tools I commonly use for these two phases. Note that this is intended to be a living document, so it may change as I learn of …

Securing Apache web servers (November 21, 2011)
Great article by Pete Freitag on Securing Apache Web Servers (20 ways to Secure your Apache Configuration). Here are 20 things you can do to make your Apache configuration more secure. Disclaimer: The thing about security is that there are …

90 Day Plan for New IT Security Managers (March 29, 2011)
You’ve just taken over as an information security director, manager, or architect at an organization. Either this is a new organization that has never had this role before, or your predecessor has moved on for some reason. Now what? The …

Phishing attacks getting better .. iTunes Receipts (October 1, 2010)
So I get a call this morning from a family member who is freaking out over a six hundred dollar iTunes invoice. Fortunately I knew this person didn't have an iTunes account (they use mine), so I knew right away …

Security tools (August 28, 2010)
This is a (non-comprehensive) list of the various security tools I have used. I started this list to keep track of tools that I've tried out and the level of satisfaction with them. Obviously there are hundreds of tools that …

w3af web security assessment tool gets support from Rapid7 (August 5, 2010)
Rapid7, which purchased the Metasploit attack framework last year, has agreed to sponsor the open source w3af web assessment and exploit project. This is fantastic news for web application development teams, since it shows the open source (and hence more …

How to secure your home PC (November 6, 2009)
Whether you have a Mac or a Windows PC, there are some basic steps you can take to reduce the risk and personal impact of a malware infection. This advice is especially impactful when you have just purchased a new …

Building a web security lab (with VMware Fusion) (October 14, 2009)
Problem: VMware machines load the boot loader immediately, with no BIOS banner, so you can’t get into the BIOS to alter boot settings. Solution: Edit the VM’s .vmx file and add the line bios.bootDelay = "5000", which adds a 5000 millisecond (5 second) delay …

Electronic Health Records in Alberta (September 17, 2009)
Thinking of the challenges associated with creating electronic healthcare records for all healthcare users in Alberta. Typical government projects don’t have the best track record for maintaining proper security architecture, much less implementation. Starting to dig into this for my …

Info Sec and IT Sec books and articles of interest (May 18, 2009)
Start of my InfoSec article journal and book list. Not really blog worthy, but I decided to start a journal of interesting information security articles or books that I’ve found to be particularly valuable. Not all of them are publicly …

High availability firewalls with OpenBSD, pf and CARP (May 15, 2009)
One can now inexpensively build a fault-tolerant firewall cluster that removes any single point of failure in the security policy enforcement points at your security zone boundaries. Synchronous firewall state table updates and an open source version of virtual …

Linux iptables notes (May 15, 2009)
Add local redirection of a low port to an unprivileged high port. Remove any existing entries: iptables -t nat -D PREROUTING --src 0/0 -p tcp --dport 25 -j REDIRECT --to-ports 11025 2> /dev/null   iptables -t nat -D PREROUTING --src 0/0 -p tcp …

Reducing malware risk by removing local Administrator privileges (May 14, 2009)
Running day-to-day with a Windows account that has Administrator privileges is a recipe for disaster. Casual browsing of an infected website or inadvertently opening an infected attachment can result in an infection through the user’s Administrator privileges. Something …