Government Information Security in the Age of Sequester

Applauding the Lieberman-Collins CyberSecurity Bill

The proposed Lieberman-Collins bill S 3480 “Protecting Cyberspace as a National Asset Act of 2010” has been criticized in the mainstream media as insufficient for securing US infrastructure from cyber attacks. The critics don’t seem to realize that the legislation is not intended to be an all-encompassing bill. Securing cyberspace will require more than a single piece of legislation. This bill represents no small step, and in light of the present threat environment it’s a great beginning.


Tips to Improve IT Security Posture

Your Top IT Vulnerability?

Hackers, as part of their initial intrusion, will extract all of the passwords stored and used on the compromised machine, crack them at their leisure (see rainbow table attacks), and then come back into a company’s systems via the initially compromised machine and use these credentials to access virtually every system in the company. From there, the attacker can plant more collection software in a matter of minutes. This is known as the common administrator password flaw, and it is how the famous Conficker virus spread.


Securing Data in the Cloud

Safeguarding a cloud infrastructure from unmonitored access, malware and intruder attacks grows more challenging for service providers as their operations evolve. And as a cloud infrastructure grows, so too does the number of unsecured privileged identities.


Regulatory Compliance Is Not Security

Security awareness operates on a principle where companies are only willing to fix their problems when they are being fined, or when their lack of security lands them in the newspaper. But, just as memories fade in time, the commitment to security fades quickly once a breach blows over and everyone moves on. Hopefully, more companies will begin to realize that regulatory compliance and IT security are not necessarily the same thing.


Lessons from the Google-China Controversy

It is the height of arrogance for a company to set up business in China, or any other foreign country, and fail to respect the laws and customs of that country. China has the right and obligation to do what it feels is in the best interests of its citizens and Google has no right to impose its “moral” values on China’s citizens. For example, if China requires web filtering and Google does not wish to comply, Google cannot complain about the repressive nature of China to the United States government, while at the same time reaching into the pockets of advertisers to enrich itself on this same web traffic.


Is Your Datacenter Kill Switch Exposed?

Default passwords for these powerful, out-of-band management devices are seldom changed and are widely published. [For example, Dell cards use the default password calvin.] This means that anyone with network access and malicious intent can log in and power down your datacenter hardware.


Financial Data Breaches Come As No Surprise

The poor state of security at banks and financial institutions continues to make headlines, with cases like the HSBC breach bringing embarrassing attention to this already beleaguered industry. This problem is the result of a fragmented, feudal system of homegrown IT development that has evolved over the last 30 years, though not for the better.