How hard is Security+?

How hard is Security+?

Many jobs require Security+, and even if a job doesn’t require it, having Security+ can help you break into your first security job. So how hard is Security+?

Even if you don’t work in security, but work with security, say, as a system administrator, having Security+ is helpful, as it can help you understand why a security analyst is asking for something. When you understand motive, then the relationship can move from following orders to something more collaborative, which is always a good thing.

Read more

The update is already installed on this system

The update is already installed on this system

I had an update on my system in a partially installed state. Our vulnerability scanner determined one file, MSO.dll, was still out of date. It recommended a patch to apply. Running it gave me an error message. Here’s what to do when Windows says the update is already installed on this system and refuses to let you do anything but click OK.

Because hey, from a security analyst’s point of view, this is anything but OK. I get questions about patches in a partially deployed state all the time, so I figured I’d write about it.

Read more

Finding and blocking an abusive host from your Apache log

Finding and blocking an abusive host from your Apache log

My web site slowed to a crawl last night, my CPU usage soared to 100%, and my built-in security measures weren’t helping. I ended up having to do some old-school Linux sysadmin work to stop them.

I haven’t been an everyday sysadmin since 2009. But every once in a while I can still come off the bench and do this stuff.

Read more

Watering hole attack prevention

Watering hole attack prevention

A watering hole attack is an indirect attack on a victim. Rather than directly attacking the victim’s network, the attacker attacks a web site that the victim’s employees are likely to visit. Then the attacker attacks the victim’s network, via its own workstations, from that web site. A former colleague asked me how you protect against watering hole attacks, and I thought this was a good exercise. So here are some strategies for watering hole attack prevention.

Read more

Vulnerability scanning best practices

As a vulnerability management professional, I talk about vulnerability scanning best practices a lot. There’s a lot more to vulnerability management than just scanning, but if you don’t get scanning right, the rest of the program suffers.

I’m going to talk about a lot of technical controls here, but don’t forget the nontechnical side. People and processes have to support all technology.

Read more

Chip won’t work on your credit card? Try this.

Chip won’t work on your credit card? Try this.

If you’re standing at a checkout and the chip won’t work on your credit card, don’t give up right away. Here’s what to do when you swipe but can’t complete your purchase because your chip doesn’t work.

Chips are a new security feature, but it’s hard to appreciate them when a broken chip keeps you from completing your purchase. It happened to a longtime friend, and another friend of his provided a solution. I had to share it, because I know it will happen to others.

Read more

Common security attacks and countermeasures

As a security professional, I talk to a lot of people about common security attacks and countermeasures. I’m not always certain the people I’m talking to know what these things mean. I am almost certain they aren’t willing to ask.

I know it’s more complicated than it was when I took my Security+ exam a decade ago. The stakes are much higher now. The attacks I had to identify caused inconvenience, but someone conducting a successful smurf attack on your printer won’t get you in the headlines. Today’s attacks will.

Read more

WordPress Appliance - Powered by TurnKey Linux