Top Five Ways to Strengthen a Security Architecture (by Keith Bromley)


Network security is one of the most important topics, if not THE most important topic, for IT professionals. This is true for the security engineer, the CISO, CIO, CLO and even the CEO.

The question, though, is, “What can you really do to improve it?” The answer is to strengthen your deployment of inline security tools. In terms of regulatory compliance for PCI-DSS and HIPAA, inline security tool deployment may not be critical, but it is imperative for a security architecture where you are trying to maximize your defenses.

Here are five of the top activities IT professionals can implement to improve their company’s inline security architecture:

  1. Insert external bypass switches between the network and security tools to improve network availability and reliability
  2. Deploy threat intelligence gateways at the entrance/exit of your network to reduce false positive security alerts
  3. Offload SSL decryption from existing security devices (like firewalls, WAFs, etc.) to network packet brokers or purpose-built devices to reduce latency and increase the efficiency of your security tools
  4. Perform serial tool chaining for suspect data to improve the data inspection process
  5. Insert network packet brokers to improve security device availability by using either n+1 or high availability technology

Continue reading "Top Five Ways to Strengthen a Security Architecture (by Keith Bromley)" »


The Bootup Baseline (by Tony Fortunato)

Since 1995, I have been promoting the idea of a “Bootup Baseline”. The exercise is very straightforward: you power on a device and capture all the packets generated.

I want to take a moment to explain what we will not cover. As you look at the packets you will see several types of traffic:

  • Unicast to the bootup device. This is what we want to focus on.
  • Broadcast or Multicast from other hosts. We will ignore these for the most part.
  • Flooded traffic. These are unicast packets that are addressed to other hosts but appear on your switch port. This is good to note and possibly set aside to determine why it is happening and if it’s ‘normal’.

The traffic gathered is there for only two reasons: either the host transmitted it, or the devices on the network sent it back to the booting host.

The most important step in this process is to document how you captured the data. There are many ways to capture packets from a booting device, but the most popular are:

  • SPAN or port mirroring. Since we are not concerned with capturing errors or timings, this works well. It is the most convenient option if you have proper access to the switch.
  • TAP. In my opinion this is the best way, but it requires you to be physically close to the device and you have to break the connection to that device.
  • 10/100 Hub. It serves the same purpose as a TAP, but with no full-duplex, fibre or 1 Gb support. Since we are only interested in the details of the traffic and not timings, this works in a pinch. Ensure that the switch port connected to the hub is properly configured to support half duplex.

Continue reading "The Bootup Baseline (by Tony Fortunato)" »


5 Ways to Improve Your Brand Reputation Management (by John Gumas)

You only get one chance at making a good impression. And you never know who’s seeking you out for the first time.

If there’s even one bad review on the Internet, it might be enough to convince someone on the fence to check out a different company. Brand reputation management is a major issue for all companies in the digital age, and it’s a responsibility that never ends. Therefore, your best approach is to get in front of any potential issues regarding your brand so that people will never have anything but the best impression of your business. Here are some tactics you can employ that will help you to keep your online reputation at a high level, both now and in the future.

  • Define your approach
  • Stay on top of Social Media
  • Use an SEO
  • Respond to Reviews
  • Focus on Great Content

 

 

Continue reading "5 Ways to Improve Your Brand Reputation Management ( by John Gumas)" »


LMTV LIVE | How to Improve Compliance Activities for IT (with Keith Bromley and Timothy Jones)

Upcoming LMTV Event on How to Improve Compliance Activities for IT

There is a new LMTV event happening on April 11, 2018. Keith Bromley from Keysight Technologies (formerly Ixia) and Wayne Dixon from ForeScout will be talking about how to use network visibility to improve regulatory compliance. While regulatory compliance is an important activity for medium to large businesses, easy and cost-effective solutions can be difficult to find.

Network visibility is an often overlooked but critically important activity that can help lower costs and make life easier for IT personnel working on compliance requirements. Solutions like network packet brokers (NPBs) allow you to mask sensitive data, perform packet slicing, implement lawful intercept, and discover rogue IT. Purpose-built compliance solutions can also use data filtered by NPBs to perform their activities better and allow IT to demonstrate regulatory compliance in an easy manner.

Some key thoughts we will discuss during the event:

  • A Visibility Architecture is an end-to-end infrastructure which enables physical and virtual network, application, and security visibility. Instead of just adding components as you need them at sporadic intervals (i.e. crisis points), step back and take a larger view of where you are and what you want to achieve.
  • There are at least four specific areas where NPBs can help compliance activities for network monitoring to:
      • Provide masking of sensitive data. This includes data masking for one or more digits so that security and monitoring tools downstream don’t receive clear text data.
      • Remove the data packet payload with packet trimming. When packet header information is all you need, packet slicing allows you to eliminate the propagation of unnecessary and dangerous data within the payload of the packet.
      • Perform lawful intercept of data from specified IP addresses and VLANs.
      • Create regular expression search strings using application intelligence to enable better searches for specific data.
  • There are at least two additional areas where NPBs can help a security architecture to:
      • Discover rogue IT (unauthorized applications and devices), which helps avoid policy and compliance issues.
      • Enforce IT policies, like detecting off-network storage and unapproved web-based email solutions, to identify exfiltration of data and potential security risks.
  • Data from NPBs can also be fed to purpose-built compliance solutions like the ForeScout CounterACT solution to support demonstration of regulatory and endpoint compliance.

Join us for the fourth of several discussions to learn how to unleash the power of network visibility.

If you can’t make it to the event, watch the podcast on-demand or check out some of these free resources.

 

 

 

Continue reading other LoveMyTool posts by Tony Fortunato »


LMTV LIVE | Meet the Ekahau Geeks (with Tony Fortunato and Tim O'Neill)

Join Tony Fortunato and Tim O'Neill on Wednesday, April 4 at 9:30 Eastern as they interview the geeks from Ekahau (https://www.ekahau.com).

Jerry Olla, Jussi Kiviniemi and Joel Crane will be discussing Wi-Fi tools and common Wi-Fi issues that they see out there. Why is Wi-Fi often so bad? What can we do about it? What does bad, and good, Wi-Fi look like?

We will also see live demos of their brand-new Wi-Fi design and troubleshooting hardware and software tools.

As Tim O’Neill says, “WiFi is now an essential part of your corporate network infrastructure! Learn from experts on how to monitor, manage and secure.”

 

 




2018 Cisco Geekfest

May 8th - 10th, 2018
Chicago, IL 

Common SSL certificate errors and how to fix them (by Dan Radak)

SSL certificates provide a wide range of benefits to website owners, security being chief among them. Like software products, SSL certificates are issued by separate vendors who follow their own software writing methods and processes. SSL certificates from different Certificate Authorities might behave differently under various circumstances.

SSL helps keep data safe from the Web to the end user's browser.

A good SSL tutorial - SSL on YouTube

As a result, it is possible that they throw up errors, some of which first-time certificate users may not be able to understand or rectify on their own.

In most cases, these errors could also be warnings issued by the certificate to alert the user against system and network compromises that can lead to damage.

In other cases, it could be an internal error which can be easily rectified.

Here are some such common errors related to SSL certificates and how they can be set right.

Continue reading "Common SSL certificate errors and how to fix them (by Dan Radak)" »