Recently, I read a RFP issued by a customer. The main topic focused on a perimeter security but a paragraph mentioned the protection of SCADA environments. I’ve no practical experience with SCADA and I tried to find relevant information about the deployment of security solutions in such environments. Here follows
Category: Security
Applications White List by ISC/NIST
In security, when you have to restrict access to “resources” (websites, files, IP addresses, ports, etc), you can deploy while or black lists. The term “white list” refers to a list of resources which are allowed or granted. At the opposite, a black list refers to resources which are denied
BruCON 2010 CFP Announced!
After a great first edition in 2009, BruCON will be back in 2010! Two days of trainings and two days of talks. The Call for Papers (CFP) has been announced and will remain open until 30th of April 2010. Submit directly your propositions via the dedicated tool, here.
Importing Secunia Advisories into a SIEM/OSSEC
Secunia is a security company which, amongst other activities, maintains a huge database of vulnerabilities. On their website, they describes their business like this: “Secunia collects, evaluates, verifies, and analyses security information. This security information is available through our databases and is distributed to our customers, segmented according to their
Show Me Your Browser, I’ll Tell You Who You Are!
To surf the web, you need a specific application: a browser. Today, this piece of software is delivered by default with all operating systems and becomes more and more used, even for non-related Internet stuff (Lot of applications or devices are manageable using a web interface). For some companies, the
OWASP & ISSA Belgium Chapter Meeting
I’m back from the last OWASP (organized together with ISSA) Belgium Chapter meeting. As usual, good times with friends from the Belgium Security landscape ;-). Two topics were covered today. First GreenSQL, a database firewall, then an overview of the mobile malwares by Mikko Hypponen. Almost one year to the
Data Protection Day 2010
The 2010 edition of the Data Privacy Day will be held on the January, 28th. This initiative has a dedicated website: dataprivacyday2010.org. The goal is to create more awareness about your online privacy: “Data Privacy Day is an international celebration of the dignity of the individual expressed through personal information.
ISSA Belgium Chapter Meeting: Introduction to OSSEC
Back from the first ISSA Belgium Chapter Meeting of 2010. Today’s topic was “Introduction to OSSEC : Log Analysis and Host Intrusion Detection“. A very interesting topic for me. First because I’m involved in lot of SIEM projects. But especially because Wim Remes, the speaker, is a friend of mine.
Yellow? Green? Red? The Security Rainbow Sky…
There was an interesting post on the diary page of isc.sans.org yesterday: Some readers asked why ISC did not switch the InfoCon status to yellow due to the recent IE 0-day exploit. The on-duty ISC handler explained the situation and why they decided to stay “Green”. The following question popped
Adding Data Leakage Protection into Apache
Data leakage is a major risk for many organizations today. As more and more data are used in a digital format, it’s easy to copy them or send them outside the security perimeter. Leaked data can have a major impact on the business (loss of revenue, loss of confidentiality or