April 15, 2009 7:01 PM
Posted by: Arian Eigen Heald
Automatic Theft Machines,
Data Breaches,
PCI DSS,
Security DevicesYesterday Wired released a story that reveals a startling detail about the TJMaxx data breach: hackers were able to cash in on stolen debit cards because they had a way to crack PINS.
This "minor detail" was buried in an affadavit...
April 1, 2009 12:45 AM
Posted by: Arian Eigen Heald
Data Breaches,
information security,
Security DevicesHow many rules do you have in your firewall? How many rules allow access directly into your network? How many rules allow ANY/ANY?
The more rules you have in your firewall rulebase, the higher your risk of allowing attackers in. I'm not talking about opening access to your webserver in the...
December 28, 2008 3:14 PM
Posted by: Arian Eigen Heald
"How Do You Know?",
Admins and Auditors,
Compliance,
Hardware & InfoSec,
IT audit,
Security Devices,
TCM (Truly Clueless Management),
Tools & Tricks of the Trade,
Tools for Auditing and SecurityOK, so you've bought the glow-in-the-dark, meets all the compliance requirements and looks really shiny "security solution" from a vendor (one or many).
Or maybe your management has bought it and presented it to you as a fait accompli. (Hope I'm spelling that fancy French right!) And of course...
December 11, 2008 5:27 PM
Posted by: Arian Eigen Heald
Automatic Theft Machines,
DataManagement,
Hardware & InfoSec,
Identity theft,
Security Devices,
Stupid TechnologyDid you know that a store that puts in an ATM for customer use also provides a daily log of transactions to the owner? The log includes the Bank name, last four numbers of the account, the customer name, and the transaction.
So if I do an account balance request, that comes up in the log. ...
September 23, 2008 3:15 PM
Posted by: Arian Eigen Heald
Admins and Auditors,
IT audit,
Microsoft Windows,
Security,
Security Devices,
Tools & Tricks of the TradeI've noticed a definite tendency for organizations to move to monitoring network traffic with their Intrusion Detection Systems. It's a lot easier than trying to update a host IDS service/agent and keeps the increased CPU at the monitor, where it belongs. Also, host agents are limited by what the...
August 25, 2008 6:33 PM
Posted by: Arian Eigen Heald
Data Breaches,
Database,
Database security,
Identity theft,
Security,
Security DevicesVisited Europe in the last year and used a Best Western Hotel? Your credit card, expiration date, the company that employs you, your name, address and future bookings may be in the possession of a Russian Mafia website. An enterprising Scottish newspaper, the Sunday Herald, noticed on Thursday...
August 5, 2008 4:46 PM
Posted by: Arian Eigen Heald
Automatic Theft Machines,
Eigen's Rules of Thumb,
Hardware & InfoSec,
Identity theft,
Security,
Security DevicesIt's absolutely fascinating (in a nerve-wracking sort of way) to read about how many different ways there are to use ATMs to capture (and steal) accounts and PIN numbers. From there, it takes very little time to create a fraudulent card and spend what you can before the bank catches up. It's a...
May 29, 2008 1:44 PM
Posted by: Arian Eigen Heald
Admins and Auditors,
Compliance,
IT audit,
Security,
Security Devices,
Steps to an Easy Audit,
Tools & Tricks of the TradeWho guards the guardians? Good IT governance mandates oversight of all IT functions. The firewall tends to be neglected, because it appears to be such a back-office function that only engineers or admins actually see and work on.
However, it is one of the most critical pieces of the IT...
May 26, 2008 12:05 PM
Posted by: Arian Eigen Heald
Admins and Auditors,
Compliance,
IT audit,
Security,
Security Devices,
Steps to an Easy AuditWhen all is said and done, a configuring a firewall comes down to creating a set of rules. Firewalls are bi-directional - they control traffic going out (outbound) to the Internet (or the DMZ) and they control traffic coming in (inbound) to the network or the DMZ. You are configuring for WHO,...
