Archive for security

You are browsing the archives of security.

ATM Skimmers

For several years, reports of ATM skimmer devices have been increasing. These devices are usually designed to fit over the card receptacle on an ATM machine or gas pump or other form of debit/credit card reader. They intercept the card data and may also collect the pin number entered and save the data [...]

SANS Blogs

This is a new resource that will most likely, with all the resources and brilliant security minds that SANS can bring to the table, grow in value significantly over time. Keep an eye on this list.
 
SANS Blogs - [sans.org]
SANS has created a handful of blogs that are custom-tailored to computer and network security. If you [...]

Cybots Monitor Network

Can a group of distributed intelligent agents collaborate well enough to provide situational awareness information that helps protect a network?
Oak Ridge explores cybots
Imagine being able to deploy an army of software robots intelligent enough to cooperate with one another to monitor and defend the largest networks. Instead of independent devices doing a single task and [...]

Shmoocon 2009

Shmoocon.org
Before Shmoocon:
I absolutely hate the Shmoocon ticketing process! Every year, I have to wait with great anticipation for the magical ticketing hour and then bang like crazy on my keyboard and mouse to try to get a ticket and then wallow in anxiety for a while, not knowing if anything went through and usually end [...]

Lists of tools

Insecure best tools list
Security Tools Database

Supplementing Controls

After the baseline of security controls have gone through the tailoring process of: scoping guidance, compensating controls and organizationally defined parameters, it is possible that additional controls or enhancements may be needed in order to mitigate the risk that has been assessed. It is also possible to simple add restrictions to already existing controls. [...]

Tailoring Controls

NIST SP 800-53 sets terms and conditions for tailoring the security control baseline to organizational and operational needs.   There are three specific areas addressed as follows:

Scoping Guidance
Compensating Controls
Organizationally Defined Parameters

Scoping Guidance offers considerations on how individual security controls are applied and implemented. The following areas are discussed:

Common Controls
Common Controls are controls that protect more [...]