Sister CISA CISSP:

May, 2008


May 29, 2008  1:44 PM

Firewalls Part IV – Quis custodiet ipsos custodes?

Arian Eigen Heald

Who guards the guardians? Good IT governance mandates oversight of all IT functions. The firewall tends to be neglected, because it appears to be such a back-office function that only engineers or admins actually see and work on. However, it is one of the most critical pieces of the IT...

May 26, 2008  12:05 PM

It’s Not Your Mother’s Firewall Anymore – Part III

Arian Eigen Heald

When all is said and done, configuring a firewall comes down to creating a set of rules. Firewalls are bi-directional - they control traffic going out (outbound) to the Internet (or the DMZ) and they control traffic coming in (inbound) to the network or the DMZ. You are configuring for WHO,...


May 23, 2008  6:55 PM

It’s Not Your Mother’s Firewall Anymore – Part II

Arian Eigen Heald

There are some amazing firewall appliances out there - application-level firewalls that monitor for web attacks, intrusion prevention features where the...


May 23, 2008  12:20 AM

It’s Not Your Mother’s Firewall Anymore – Part I

Arian Eigen Heald

In the northern part of Maine (north of Portland, where I live), folks go about their business without locking their doors or even leaving their cars running while they go into the store. (When it's -10 degrees, it's good to have the car run a little more). This describes the fundamental trust the...


May 15, 2008  5:54 PM

Steps to an Easy Audit (3) – Compensating Controls

Arian Eigen Heald

These two magic words should be in every network manager and system engineer's lexicon. It's your get-out-of-jail (not necessarily free) card with an IT Auditor. Every IT shop has an application, a device, a configuration that breaks good security rules and usually corporate policy, as well. ...


May 13, 2008  4:38 PM

Steps to an Easy Audit (2) – Where’s the Beef, ah, I mean, Data?

Arian Eigen Heald

Remember that commercial (I'm dating myself, I know) where the little old lady lifts the top of the burger bun and says, "Where's the beef?" All things considered, we have to ask the same sorts of questions about data. Usually we're...


May 8, 2008  3:21 PM

Steps to an Easy Audit: Standardizing Patch Management

Arian Eigen Heald

Many of my clients ask me what is the best way to deal with applications and operating systems that need to be patched frequently (like Microsoft’s monthly “Patch Tuesday”). Industry best practices have emerged in some simple steps that can work in almost any size organization: 1. ...


May 5, 2008  8:52 PM

Five Myths About Compliance

Arian Eigen Heald

Compliance: The state of conformity of a regulated party (including a corporation, institution, individual or other legal entity) with a legislative or regulatory requirement or a recognized standard. 1. If we’re compliant, that means we’re secure. Would that...


May 1, 2008  5:16 PM

Tips for Admins: How (NOT) to Have a Good IT Audit

Arian Eigen Heald

Over the years, I've gotten used to the people I "visit" trying really hard not to make faces when I'm introduced. Nobody likes to see an auditor roll in the door. I try to make it as easy as possible, and do whatever I can to fit into the schedules of busy engineers and managers. But I've also...

