If you get put in charge of vulnerability management for a large organization with many internet-facing websites, you may run into some roadblocks in
1) determining who owns which websites,
2) which servers host which websites,
3) which virtual IPs load balance to which internal webserver hosts, and
4) which different outsourced entities have ownership over different websites and IP [...]
A strange analogy crossed my mind the other Sunday. The whole IT Compliance vs
Security struggle is a lot like a common struggle in most religions.
A common logic used in religion is to
1) follow the laws of the religion and
2) follow the principles of the religion as you understand them.
Following the laws and principles would be doing [...]
Are you shipping network appliances that haven’t been scanned for vulnerabilities?
I’m responsible for getting security vulnerabilities corrected or “remediated” at work. Keep in mind this is no small job since our network is probably one of the largest in the world.
I continue to be surprised by these network equipment manufacturers that are completely clueless about vulnerability [...]
Don’t forget about Databases!
Since SQL Server was affected by the recent Patch Tuesday, I realized that databases are a large space in the enterprise that may not have been getting the focus they need.
In many large companies a separate team (or teams) owns and manages the database engine, whether that is SQL Server, DB2, [...]
Security Scans Vs Penetration Tests [...]
Attention CISSPs — ISC2 allows you to volunteer doing computer security work for a charitable, government or public organization and count those hours towards your CPEs. (Disclaimer: I am a CISSP, but I am not employed by ISC2.)
Most certifications require that you maintain some type of continuing education so that your knowledge does not become [...]