Roger Halbheer on Security
Doing your basics is a natural given, when you defend your assets. Basics like updating your computers, staying on latest versions, dynamic network zones, incident response, identity management, monitoring etc. etc. – last but not least (or probably first J) is to know your assets and have your data classified so that you understand, which…
DetailsWhen I talk with customers about the Cloud, we always talk about a few key themes: Identity: I am convinced that you need to be able to federate your identity from your on premise solutions to the cloud. You will want to control the process of decommissioning an identity and want to make sure that…
DetailsOften, when I talk to customers, product certification is one of the key themes they want to address. Especially they want to know about our commitment to Common Criteria and whether our products are certified. Typically we certify an operating system on Common Criteria EAL 4+ – the highest level, which seems achievable for multi-purpose…
DetailsI think, I blogged about this event already earlier: Years ago I was meeting a customer and was talking about the future of IT. I was telling the audience (about 10 people including the Security Officer) that there is a good chance that IT will not define a set of hardware anymore but that the…
DetailsWell, some tablets could be but what about the productivity apps?
Roger
I just read a post on slashdot: During a recent trip to an eye doctor, I noticed that she was still using Windows XP. After I suggested that she might need to upgrade soon, she said she couldn’t because she couldn’t afford the $10,000 fee involved with the specialty medical software that has been upgraded…
DetailsWe could even talk about two-factor authentication in my opinion. The idea is, that whenever you logon from an untrusted PC, you will be asked to use a second factor (or step). In my case, which I show below, I use the Authenticator app on my phone, which is similar to an RSA SecureID. How…
DetailsOver the course of the next 12 months, you will definitely hear us turning up the volume on Windows XP end of life. However, I really hope that you started your migration – if you have not already migration until today. Trustworthy Computing just looked at the end of support through the lens of the…
DetailsOne of the highest hit rates I ever had on my blog was one I wrote right before Conficker broke out. I called it Playing Russian Roulette with your Network. The background was, that we released an out of band security update and our customers came back and asked us, whether they really shall deploy…
DetailsThis is a fairly scary view of the world…. Freie Universität Freiburg mapped the Internet accessible SCADA systems. Have a look on your own:
Roger
As you might know, solving CAPTHCAs is not really a difficult task for the underground economy. Initially, they wrote code to do it – but then learned that it is easier to outsource the puzzle solving to cheap labor. For a few dollars you can have a CAPTCHA farm solving 1000 CAPTCHAs for you. Fairly…
DetailsI came across this article this morning: 5 Ways Event Log Management Makes You More Secure. The claim there is, that adding 5 additional tasks will make you more secure: Centralized logging makes it possible to review all the logs SIEM is French for “locked down” Event correlation helps you find bad things Search and…
DetailsIn one of my latest blogs Security in 2013 – the way forward? I mentioned that I have two slides showing the evolution of Windows in the light of the evolving threat landscape and the evolution of the Internet. I got some requests for this deck. Therefore I posted it on my Downloads page. You…
DetailsThis morning I read an article on Infoworld: Why you should care about cyber espionage which – to me – is a strange question. First of all, most companies have to protect some sort of intellectual property. It is not new for the Internet, that state-driven espionage not only targets state’s secrets but industrial espionage…
DetailsI just needed to post this: There is a new blog on our Surface: I am really, really, really looking forward to getting the Surface Pro here in Switzerland J Related articles Surface Windows 8 Pro arrives 9 February Microsoft finally launches official Surface blog Embargoes lifted, reviews of the Surface Pro are in Microsoft…
DetailsMost companies have a lot of security policies to protect their assets and then there is the best of breed security technology added for each technical problem to solve. That way we can ensure that we did everything we could to protect the business – right? Well I do not completely think. I read this…
DetailsDepending on where I travel and with which customers I talk, patch management is still the number 1 issue coming up. Not only is the challenge to deploy the updates – much worse, there is still an awareness issue in a lot of markets. People know that they should patch but too often do not…
DetailsToday is the day we launched Office 365 officially to the broad market. This is a real cool step forward you should look at: Go to http://office.microsoft.com and give it a try. For only $8/year you get the ability to have it on up to 5 PCs or Macs (well, I guess you choose PCs…
DetailsTypically January is the month where we are asked to make predictions on the trends for the New Year. I do not like this as I am an engineer and not a fortune tellerJ. But there are things we know and things we definitely need to drive this year. I would actually put it into…
DetailsI was just made aware of a case study, which is a really interesting “attack” on a US company via VPN. It is sometimes not like it seems… You should read this: Case Study: Pro-active Log Review Might Be A Good Idea At least a way to get some air-cover if you look at the…
Details