Ok, its been ages since I actually had snort up and running, so long in fact that the last time I used it, ACID was still the best way to deal with the alerts! Well after a couple of days (well a couple of hours here and there at least) I have a fully functional set of snort sensors in place on public and private segments of my networks, all feeding to a centralised database with “BASE” handling the analysis! woohoo. small victories are the best! Continue reading “Snort Rocks!”
I work in a world of standards, opinions, controls and countermeasures, all encompassed in a foreign language of “InfoSec” and “ItSec”. This of course, while entertaining, is of little use to the world. I would like to propose a simple concept, probably high level, and I am sure my peers would argue is “inadequate”, that said however, hear me out: Continue reading “How Security Should Work”
First of all, legislation doesn’t die, it just becomes BAU. PCI is still a pain for most, but as a race, us Humans are fickle creatures who like our topics and news to be current, so the latest and greatest will always be at the top of the agenda. Continue reading “PCI-DSS Is it dead?”
Courtesy of the Institute for Information Security Professionals
As I mentioned in the opening CEO article, the inaugural Top Gun event in Manchester was a great success on many fronts. We had 20 participants, organised into the Red and Blue teams, plus 5 members of the Control Team, and the day just seemed to fly past, so intense was the concentration, interaction, ingenuity and fun. Continue reading “IISP Top Gun event, Manchester, 30 June 2008”
The concept is simple, the more obstacles in the way the better. Let me abstract the concept for you…..
…..you put your file in a safe, I crack into the safe.
………you put your file in a safe, and lock the safe in a strong/secure room, I crack the room then the safe. Continue reading “Layered Security”