For a while, it looks that “Fraud detection” is a hot-topic for many SIEM vendors (“Security Information and Event Management“). Recent presentations or webcasts I attended had always some time dedicated to “fraud”! The vendors can’t be blamed to find new opportunities to sell their products. Today they are solutions
Month: March 2010
Close the Security Holes in your Firewalls!
Who is not protected by a firewall today? Nobody! Our Internet (as well as local) traffic is inspected by multiple firewall layers. They are present everywhere: on Internet gateways, in front of data-centers, between departments, even your workstation is running a firewall. For a few years, a new type of
InfoSecurity, (ISC)2, ISACA, My Security Marathon
This week is a real security marathon. I was in London yesterday but came back to Belgium too late to attend the ISSA Belgian Chapter meeting. The invited speaker was a great one: Chris Hoff. According to friends, it was great! Today was also the first day of the InfoSecurity.be
Security Policies Must Be Enforced!
Last week, I had a very interesting meeting with the Belgian FCCU (“Federal Computer Crime Unit“) about the security of “public” networks. The FCCU is the Federal Police division involved in all kind of computer forensics investigations. By the way, they also have their own Linux live-CD called “Lnx6N4” which
HADOPI in Belgium, a new Don Quichotte Story?
After an HADOPI law voted in France, other countries follow the same example. A politician is trying to introduce the same system in Belgium as an attempt to fight the exchange of illegal material on the Internet (via peer-to-peer networks). For those who aren’t aware of the HADOPI law, it
Detecting USB Storage Usage with OSSEC
Next step in my investigations with OSSEC. The possibilities of OSSEC are awesome and could clearly, in some case, replace a commercial log management solution! After collecting the Secunia vulnerabilities into OSSEC, I switched to the “dark side”: the Microsoft Windows agent. The USB sticks are very popular at users
OpenSSH New Feature: “Netcat mode”
The new version (5.4) of OpenSSH has been released early this morning. OpenSSH is THE free implementation of the SSH protocol available on common devices and operating systems. The primary goal of OpenSSH is to allow remote access to hosts for management purpose. But many other features make OpenSSH a
SCADA, from a Security Point of View
Recently, I read a RFP issued by a customer. The main topic focused on a perimeter security but a paragraph mentioned the protection of SCADA environments. I’ve no practical experience with SCADA and I tried to find relevant information about the deployment of security solutions in such environments. Here follows