I have been muddling through the “Hype”r-V blogs and emailing that have innundated me over the past couple weeks. I have also taken another look at the free ESXi server from VMWare, and the XenServer 4.2 beta. Being in the midst of looking at all of these, one thing struck me about all of them […]
An interesting discussion that I have been having of late, is the fact that many people do not really comprehend the difference between PCI-DSS compliance and validation requirements. Here it is in a nutshell: – Compliance: Everyone has to be compliant to 100% of the PCI-DSS standard 100% of the time, regardless of “level”. There […]
Having recently come from my annual QSA re-certification class, it was obvious to me that there are some very large chasms in the interpretation and service level of offerings by QSA vendors. There are some very large companies that are basically selling you a check-box, and in reality are doing nothing to meet the intent […]
I was reading a number of the recent Usenix papers on IPv6 transition, and the one thing that sparked a thought was the fact that there really is no “RFC 1918” space in the IPv6 world. I was wondering how many security architectures have a fundamental assumption that “you can’t get there from here”? I […]
The absolute root of hacking tools, techniques, and software is something called War Dialing: that is, dialing a phone number and trying to exploit the service on the other end. In the early 90’s, a small community of people developed software that would automatically scan phone numbers and categorize the answering system types. These programs […]
Almost every company has some type of Web presence – ranging from simple brochure sites to sophisticated transaction-oriented applications – and therefore has some type of conduit from the general Internet to company resources and or company data. The fact is that identity theft and access to confidential or private information through Web applications is […]
Mentioning the word hacker usually elicits a strong response, no matter who you talk to. The Chief Security Officer and virtually anybody on the street will each have something specific to say. The problem with this word is that it detracts from the real issue of making Internet resources more secure because of the emotional […]
There are literally thousands of tools available to help you evaluate, analyze, or manipulate resources in your IT environment. Some do protocol manipulation or are protocol analyzers (to look at or “sniff” traffic on the network) and some focus on your critical network servers like the name service or the Web server. Some of the […]
The Internet community needs to have security skill certifications that are meaningful. Right now, there are a hodgepodge of organizations that offer certifications in a wide variety of areas. Last year there were at least 150 vendor-neutral information security certifications and 20 vendor-sponsored or vendor-specific security certifications. The fact is, most of these certifications are […]
Since 1994, SystemExperts has been helping companies see the big picture and design solutions to meet their comprehensive security needs. We over-deliver and provide unmatched personal attention, distilling problems to their root causes and recommending what’s appropriate for every client.
