Category Archive for 'Security'

Scrutinizing SSH

Tuesday, September 18th, 2007

In my previous post titled Bolting on Security, I mentioned that port 22 is generally not scrutinized as much as 445 when being allowed through a firewall. Obviously the situation varies from incident to incident, but I wanted to say that port 22 really should be looked at more closely. All is not always roses […]

Bolting on Security

Friday, September 14th, 2007

To build security in your project, you need to make it a consideration from the start. Bolting it on afterward is always a recipe for disaster, and unless you start over with a complete application rewrite you are likely to fail to secure your application in some subtle manner or another. If you are in […]

Security Risk Assessments

Tuesday, August 28th, 2007

Risk assessments are one of the main tasks I am faced with day-to-day with my security work. Most of the time it comes in as a request to “approve” some architecture. In my head, this is basically a security risk assessment where I am also getting to decide for the business that the benefit of allowing […]

Debugging Connectivity Problems

Tuesday, August 21st, 2007

The Application is down! No, wait! Our Unix administrators just checked the server and it is running. They swear by it, and say it is the network team’s equipment dropping packets. The network team checks their systems and swears they are passing the traffic, and it must be an application configuration issue. The application folks, […]

Secure FTP in All its Forms

Saturday, August 18th, 2007

It is the File Transfer Protocol. FTP has been an important part of the Internet for more than 20 years. Businesses depend on it to transfer data from system to system and from business to business. In today’s world of SOX, HIPAA, PCI, and other standards and regulations, companies are not only required to get […]