Free FSU Online Security Classes : Offensive Computer Security

FSUCS1

The Computer Science department at Florida State University is offering free computer security class lectures. You can find the entire CIS4930 and CIS5930 courses online HERE. These are the Spring 2014 classes so the content is pretty current. There are 26 lessons ranging from lock picking to launching attacks with Metasploit. Videos include lecture slides to download. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Cisco Announces Intent to Acquire Neohapsis

Neo1

Cisco announced yesterday that they intend to acquire Neohapsis. Neohapsis is a security, risk and compliance company, which is a very interesting move by Cisco. Many people not only want data from security reports, but also desire how that data will impact their business. This means how changes or risk can impact compliance to mandatory regulations as well as how much impact could a vulnerability have to a system. Neohapsis is a services based company so this seems to be a security services play yet could also trickle in Cisco products.It would be really cool to see more compliancy based reporting in future Cisco products as an outcome of this acquisition.

You can find more about Neohapsis HERE.

The official announcement from Cisco can be found HERE.

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Lets Encrypt Free Certificate Authority This Summer

letsE1

The Internet Security Research Group (ISRT) along with Mozilla Corporation, Cisco Systems, Akamai Tech, Electronic Frontier Foundation and IdenTrust will be offering a new free certificate authority service this up coming 2015 summer (learn more HERE). The concept is the Internet is a dangerous place and enabling protection is a hassle for many businesses. The reason behind this is enabling basic server certificates can be painful involving multiple steps and a cost. Lets Encrypt is offering the following principles to simplify the process. Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (1 vote cast)

Worlds Biggest Data Breaches

Dataloss1The people at Information Is Beautiful created a very interesting visual representation of the worlds biggest data breaches found HERE. The criterial to make this list is being a company that experienced losses greater than 30,000 records during a data breach. Each bubble represents a company and can be clicked to bring up data about the breached as well as a link to the original report covering the incident. The next examples show clicking the recent Home Depot breach to pull up the quick info and detailed article. There is a filter on the right used to tune into what you want to view. Pretty cool little tool.  Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Cisco Validated Designs For PCI DSS 3.0, HIPAA and FISMA

compliance

There are many reasons people invest in security. The best reason is having the desire to avoid being breached however sometimes wanting the best security doesn’t justify the investment. Many decision makers have to juggle improving the infrastructure, investing in the latest flashy technology such as high end video, etc. along with keeping things secure. Usually the flashy stuff outshines security until something with teeth forces the focus back on security. A prime example is meeting mandated regulatory compliance. Being out of compliant to many regulations could mean pricy fines as well as possibly litigation actions. This is good news for the IT guy that wants to get his security budget requests placed at the top of the stack.

To help meet regulatory compliance, Cisco has released validated design guides for general security as well as specific market verticals FOUND HERE. Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (1 vote cast)

The Fappening: A Wake-Up Call for Cloud Users

Sarah Williams wrote a great article on my buddies blog about a recent breach in cloud security storage that exposed naked photographs of famous actors. The original post can be found at drchaos’s website HERE

The-Fappening

The Cloud storage option is fast becoming one of the most popular and effective methods of storing essential data that you definitely can’t afford to lose. From small to medium-sized business, cloud storage has helped owners save time and money in their businesses when it comes to IT.

But exactly how safe is the cloud? Though most reliable cloud service providers have cutting edge security, many IT experts say the cloud system is not entirely safe. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

NSS Labs releases a new set of security reports for Web Application Firewalls

NssLabsNSS Labs just released a new set of reports covering Web Application Firewalls. Those reports can be found at NSS labs website HERE. There is a cost for these reports however it is worth the investment if you are looking to purchase a new firewall. Also, Palo Alto tested poorly and due to the back and forth between both companies, NSS labs is offering the Palo Alto report for freeContinue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Advanced Malware Protection AMP for Endpoints Overview

AMP2

Detecting threats on endpoints like laptops and mobile devices is important but not enough to defend against the threats we see against our users. Reason why is Anti-Virus and host IPS/IDS can only scan for so many signatures and leverage so many behavior checks before they must let the traffic go through or it will impact the user experience. This is why many users get compromised by clicking the wrong email, accessing the wrong website, share the wrong USB drive and so on. Detection needs to extend beyond the doorway and look at files that have breached a host’s defense to determine if that system has been compromised as well as offer a method to remediate the entire outbreak. Continue reading

VN:F [1.9.22_1171]
Rating: 4.2/5 (5 votes cast)