My second training week in London is done. This was a bootcamp organized by a well-known company active in log management solutions. Of course, the training focuses mainly on their own products but some reviewed principles are totally independent of any software or hardware solution and can be applied to
Tag: Security
Stupid Compiler? Not sure!
A nice story reported by ISC today! A vulnerability has been discovered in the Linux kernel (and was present for a while IMHO!) The vulnerability origin was not the “human behind the keyboard” but the compiler! GCC, the GNU C compiler, has a lot of optimization features (If you
Virtual Money with Real Risks?
The financial group ING announced a partnership with Netlog, the Belgian social network website. From a marketing point of view, this is a good action to attract young potential customers. ING (one of the top-3 banks in Belgium) will catch them on Netlog hoping that, later, they will switch to
Use the Right Words!
Security awareness messages must target the right persons. But they need to target them using the right words! Be sure to adapt your messages to keep them understandable by all your audience.
CERT-in-a-Box
Computer Emergency Response Teams (or “CERTs”) are organizations that handle security incidents related to computers and networks. A CERT can be deployed to support private networks (example: in a multi-national company or an organization like NATO which operates its NCIRC) or organized by federal authorities in regions or countries. CERTs
Sea, Sun, Holidays and… Logs
I’m writing this post in my garden, 22:15 still 23°. Yes, it’s summer time! Soon, a lot of admins and security professionals will leave their office to go to the beach. Here are some tips for enjoying a safe comeback: 1. If you configure an auto-responder (classic behavior in big
Example of Security Awareness
This picture was taken in an industrial environment but could fully apply to IT security too! For those who don’t speak French or Dutch, it says: “Your principal safety responsible is in front of you”. Stickers are placed on mirrors in the toilets. Let’s imagine the same security awareness
Monitoring is (Also) a Process!
A well-known Bruce Schneier quote is “Security is a process, not a product”. Monitoring your infrastructure is fully part of your security policy. You don’t only have to deploy security blocks (applications, servers, appliances, …) to build your security perimeter(s), you also need to take care of them via monitoring
RSA Software Token for iPhone
Since the 6th of June, a great application is available (for free) in the AppStore. RSA released an iPhone version of its software token! I already spoke about strong authentication on this blog. To summarize, strong authentication is achieved by mixing at least two different types of authentication methods from
Do You Trust Your Framework?
Frameworks are developers’ best friends. Frameworks are sets of libraries, scripts or pieces of code reusable by developers. To make things simpler, why re-invent the wheel? There exist frameworks for all development platforms like .Net for Microsoft IIS or Zend for PHP. ZionSecurity, a Belgian security firm, released a