Header Image -

Tag Archives

3 Articles

A High Level Overview of IT and Security Industry Standards

by Jamey 0 Comments
A High Level Overview of IT and Security Industry Standards

This may sound like a boring article to many, but it is a basic overview of some very important information that is crucial to include in the repertoire of knowledge for all IT and security professionals.

In this article, we will be going over the high points for the following industry standards: PCI DSS, ISO 27001/27002, HIPAA, and the NIST/DoD frameworks, and adding some comments along the way on the relationships and effects that these policies and frameworks have on network architecture, as well as what possible implications they could have on architectural solutions. Most of the architectural solutions provided come from an Amazon Web Services perspective, but the same basic principles apply, regardless of which cloud service provider (CSP) you use, or even if your infrastructure is hosted on-premises.

52 views

Ransomware. Ransomewhere? Inside malicious installers on MacOS, that’s where.

by Jamey 0 Comments
Ransomware. Ransomewhere? Inside malicious installers on MacOS, that’s where.

With the new wave of ransomware attacks we have seen at the beginning of this week, especially targeted toward Spain, we can see that mostly Windows attack vectors are mostly being utilized, in what appears to be a variant of the Bitpaymer family, related to the Dridex group of malware.

But what does the future hold for attacks such as these? When will we see the attack vector change drastically to target something that your company is most-likely unprepared for? We are seeing bad actors targeting low-hanging fruit on Windows, while the world of end-users are going mobile. If iOS development is part of your enterprise, then whether you like it or not, MacOS literally has to be an integral part of your infrastructure…because XCode. Is it possible that this is something that has gone unnoticed in the threat detection landscape, or is the perception of the threat level just perceived to be so low that we haven’t yet come up with a good way to protect against it?

14 views

HSTS – The Missing Summary

by Jamey 0 Comments
HSTS – The Missing Summary

HSTS (HTTP Strict Transport Security) is a feature supported by all major browsers, and it’s a method for websites to declare that they should ONLY be accessed securely over HTTPS and never over an unencrypted HTTP connection. If a site has an HSTS policy, browsers will refuse all insecure connections to that site AND prevent users from accepting insecure SSL certificates. This, however, can come with certain risks to availability if not implemented correctly, as you will read later…

9 views