Sister CISA CISSP:

Tools for Auditing and Security


November 30, 2009  8:17 PM

Consensus Audit Controls Released – That are Actually Useful!



Posted by: Arian Eigen Heald
Admins and Auditors, Tools for Auditing and Security

If you're like me, if you see or hear about one more "set of controls," "baselines," "standards" or "frameworks," you'll tear your hair out. And scream. For my money, the

September 9, 2009  11:03 AM

New Aircrack Just Released



Posted by: Arian Eigen Heald
free tools, information security, Tools & Tricks of the Trade, Tools for Auditing and Security, Wireless

If you're like me, you're always hunting for the free tools out there you can add to your arsenal to keep (or in my case, test) the security of your network. Just out, a great addition to my toolset, is a new update to the well-known tool, aircrack-ng...



August 30, 2009  12:46 AM

Securing ALL Your Web Services



Posted by: Arian Eigen Heald
Admins and Auditors, information security, Tools for Auditing and Security

A number of commentators, notably IBM's Kris Lamb, have reported that malicious code is no longer limited, for the most part, to p0rn and other sleazy websites. Hackers are targeting the...


May 21, 2009  6:19 PM

A Free Tool for Testing Your Firewalls and Routers



Posted by: Arian Eigen Heald
firewalls, routers, Security Devices, Tools & Tricks of the Trade, Tools for Auditing and Security

I see a LOT of firewall configuration files and router configuration files. It's the bane of my auditor's existence to read through a PIX firewall config (up to 500 pages of a text file). After the 35th page of text, you could drive a truck through that firewall while I tried to wake up. Plus,...


May 18, 2009  3:08 PM

Looking for Some Good (and FREE!) IT Policy Templates?



Posted by: Arian Eigen Heald
Admins and Auditors, free tools, information security policy, IT Compliance - Policies, security policies, Tools & Tricks of the Trade, Tools for Auditing and Security

Thanks to an email, I've come across a great website to offer you when it's time to go looking for some good policy templates. SANS, the be-all end-all of security training, has organized a website that offers us


April 10, 2009  8:28 PM

A DAM Good Idea



Posted by: Arian Eigen Heald
Admins and Auditors, Database, DataManagement, Tools for Auditing and Security

(Sorry, I apologize for using an acronym, but I couldn't resist.) Whenever the subject comes up of logging activity in a database, immediately the complaints of "Too much overhead!" can be heard. Everybody thinks it's a good idea in theory, but from a practical standpoint, it adds a lot of...


December 28, 2008  3:14 PM

Securing the Security Devices



Posted by: Arian Eigen Heald
"How Do You Know?", Admins and Auditors, Compliance, Hardware & InfoSec, IT audit, Security Devices, TCM (Truly Clueless Management), Tools & Tricks of the Trade, Tools for Auditing and Security

OK, so you've bought the glow-in-the-dark, meets all the compliance requirements and looks really shiny "security solution" from a vendor (one or many). Or maybe your management has bought it and presented it to you as a fait accompli. (Hope I'm spelling that fancy French right!) And of course...


October 28, 2008  3:08 PM

More on Cell Phone (IN)Security



Posted by: Arian Eigen Heald
Hardware & InfoSec, Mobile, Tools & Tricks of the Trade, Tools for Auditing and Security

I'm having very mixed feelings, I must say, on what I've been reading about accessing information from cell phones. On the one hand, in my line of work, which occasionally includes forensics, I'm pleased to see new tools come out that make my job that much easier. The Cell Seizure Investigator...


October 23, 2008  4:41 PM

Physical Security Part II



Posted by: Arian Eigen Heald
Admins and Auditors, DataCenter, Hardware & InfoSec, Security, Tools for Auditing and Security

The most secure Data Centers I've seen utilize electronic access cards of some type that have a good reporting mechanism, right down to which door. Of course, these systems don't do you a bit of good if no one looks at the logs, but that seems to be the exception, rather than the rule. Thank...


October 6, 2008  8:19 PM

Auditing iSeries



Posted by: Arian Eigen Heald
Admins and Auditors, AS/400, Compliance, IT audit, Security, Tools & Tricks of the Trade, Tools for Auditing and Security

IBM's system iSeries are some of the most solid server systems around. Formerly (and, by some, still) called the AS400, those servers are at the top of the food chain for reliability and stability. DB2, the native database system for iSeries, is as solid as a rock, and powers many of the banking,...