Articles tagged with: access control
A major component of IT security is determining who is allowed into your structure, both physically and logically, and what they can do once they have gained access. Access control determines who has how much access. To get control, organizations must lock down their systems, including hosts, networks, applications, data stores, and data flows, and address the following:
Communication Security
Cryptography
IDS/IPS/IDP
Logging and Monitoring
Penetration Testing
Remote Access
As any network administrator will tell you, the ASA Security appliance (as well as its forerunner, the PIX) is capable of generating massive amounts of log messages, especially when the firewall/security appliance is set to log messages at debug level to the syslog server. This post will focus on one such source of a high […]
2010 is shaping up to be a year that continues to emphasize the need for security. One potential solution that has been promoted for several years is network access control (NAC). NAC has come about as a response to the increased need for security by large and small organizations. If you’ve been considering NAC, there are several ways to deploy this security solution. These include infrastructure-based NAC, endpoint-based NAC, and hardware-based NAC.
The concept of a “networked refrigerator” that’s connected to the Internet may seem like a running joke among watchers of the Internet’s infiltration onto a host of devices, but at a time when cars with Internet-enabled dashboard screens are being introduced, the idea of more and more business devices that can communicate on a network […]
As the saying goes, “all good things must come to an end,” but what about things that are not so good? Payment Card Industry Data Security Standards (PCI) specifications banned new WEP deployments after March 31, 2009, and current implementations must stop using WEP after June 30, 2010. The issue is that WEP is insecure. It […]
A recent study by the Ponemon Institute determined that the average security breach costs $203 per compromised record. So, if a company loses a hard drive that contains sensitive data on one million customers, they’re out $203,000,000. That’s a lot of items off the dollar menu at your local fast food joint. To compare — five years ago, […]
A significant percentage of the students I teach manage multiple Cisco security devices: IOS routers/switches, ASA or PIX firewalls, IPS sensors and, yes, even the occasional VPN concentrator. While most of the official training courses offered provide at least one chapter which discusses “best practices” in managing each of these devices, they omit the comparison of […]
Frequently a Cisco Router administrator desires to have “backdoor” access to their device in case the authentication/authorization server is down or unreachable. Occasionally the senior administrator or IT staff manager will also desire a method of access which will always be available and only be available to them. This post will focus on the vty […]




