Archive for security
You are browsing the archives of security.
Situational awareness is one of the most difficult things to get right in doing cloud security, and hand in hand with that goes inventory awareness. To understand why, take a look at the layers involved with cloud security: Facility physical environment – the building and physical environment in which the data center infrastructure resides Infrastructure [...]
The most fundamental reason to interconnect systems is to share data, but that can be accomplished at a variety of levels. A system interconnection can be limited and simple, using email to transfer data between systems, or it could allow two databases to share data. It can be a connection that is only used when [...]
For several years, reports of ATM skimmer devices have been increasing. These devices are usually designed to fit over the card receptacle on an ATM machine or gas pump or other form of debit/credit card reader. They intercept the card data and may also collect the PIN entered and save the data for thieves [...]
This is a new resource that will most likely, with all the resources and brilliant security minds that SANS can bring to the table, grow in value significantly over time. Keep an eye on this list. SANS Blogs – [sans.org] SANS has created a handful of blogs that are custom-tailored to computer and network [...]
Can a group of distributed intelligent agents collaborate well enough to provide situational awareness information that helps protect a network? Oak Ridge explores cybots Imagine being able to deploy an army of software robots intelligent enough to cooperate with one another to monitor and defend the largest networks. Instead of independent devices doing a single [...]
Shmoocon.org Before Shmoocon: I absolutely hate the Shmoocon ticketing process! Every year, I have to wait with great anticipation for the magical ticketing hour and then bang like crazy on my keyboard and mouse to try to get a ticket and then wallow in anxiety for a while, not knowing if anything went through and [...]
Insecure best tools list Security Tools Database
After the baseline of security controls has gone through the tailoring process of scoping guidance, compensating controls and organizationally defined parameters, it is possible that additional controls or enhancements may be needed in order to mitigate the risk that has been assessed. It is also possible to simply add restrictions to already existing controls. There [...]
NIST SP 800-53 sets terms and conditions for tailoring the security control baseline to organizational and operational needs. There are three specific areas addressed as follows: Scoping Guidance, Compensating Controls, and Organizationally Defined Parameters. Scoping Guidance offers considerations on how individual security controls are applied and implemented. The following areas are discussed: Common Controls Common Controls [...]