
Tuesday, December 9, 2014

Repost - Stop Admiring The Problem. Start Addressing The Problem.

I recently published the below post on the SANS Internet Storm Center site.

How much energy do you spend admiring your problems? It does not matter what the problem is - asset inventory, vulnerability management or security awareness. You do have problems. What are you doing to make your current problem less of a problem? Set your problems aside for just a minute and take a brief journey to explore how your problems can be viewed as an opportunity.

I have been guilty of this behavior in the area of vulnerability management. I was so focused on making sure that everything was scanned on a regular basis that I failed to work with the system and application administrators to help them remediate the vulnerabilities the scanners had identified. A much better alternative to just scanning everything on your network is to scan for a brief amount of time and then stop. Stop long enough to fix some issues the scanner identified and then go back and confirm they really were fixed. It does not have to be complicated. Perhaps you can use a simple chart that shows what was found, what was corrected and what still needs to be corrected. 

Collecting a bunch of "High" rated vulnerabilities adds no value. Correcting "High" rated vulnerabilities adds tremendous value. Instead of throwing missing patches over the fence to your administrators, offer help to them in their time of need. Maybe there is a valid business reason the administrators are not responding as quickly as you would like. Maybe they need extra support from your security or compliance teams to make progress in this area. Maybe they could use your help to focus on a solution to this problem. 

Every person should take time to make undeniable progress on one of their security problems because of the positive impact it will make on the security posture of their organization. Make progress, even if it is just baby steps. Make a move in the right direction to become the change agent that is desperately needed. 

What can you do right now to be the catalyst for the positive change your organization so desperately needs? 


What can you do right now to stop admiring the problem?


Saturday, November 8, 2014

Do you remember your "first love"?

I recently published the below post on the SANS Internet Storm Center site.


I will never forget the name of my first server - Rachel. I was very proud to be the person whose job it was to defend Rachel from all types of disruption. To this day I still remember each IP address, user account, service account and application. When patches were installed, I manually verified they had been applied successfully. I diligently reviewed the logs and configured full auditing to let me know the success and failure of just about everything.

I have administered many servers since Rachel, but do not remember as much about them as I do about my "first love". Consider this an invitation to fall back in love with your servers. An invitation to return to the time when you did everything possible to defend them. It may be possible that by returning to the diligence you once had, many problems and outages could be avoided.

How can you do this? The act of actively measuring how well you manage, secure and maintain your servers can very well be the catalyst you need to return to your "first love". Consider creating and sending yourself a daily report that clearly shows each server's current security posture. What are good candidates for this report? Some of my favorites include the below.

  • Mean time to detect a network scan
  • Mean time to identify a new administrator account
  • Mean time to identify a new service running (or not running anymore)
  • Ask psexec to list all executables on a Windows system and send the output to a file using:

                 @echo off
                 rem dir is a cmd.exe built-in, so it has to be run through cmd /c
                 psexec cmd /c dir /s /b C:\*.exe > %computername%_ExeFound.txt

  • Ask WMIC to tell you the patches that are installed using the command:

                 wmic qfe > patches.txt

  • Use the security log to search for successful (and unsuccessful) logins for administrative and service accounts
  • Review the daily log volume, perhaps looking at the last 7 days to show trends that indicate significantly more or less than expected log volume
  • Count the number of Remote Desktop sessions in a "normal" day
  • Look for the events generated when the Security log is cleared
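
One way to turn several of the metrics above into a single daily report, as an added example that is not part of the original post. It assumes Security-log events have already been exported into records with `time`, `id`, `user` and `logon_type` fields; those field names, the sample events and the 50% volume tolerance are constructed for illustration, while the event IDs (1102 log cleared, 4720 account created, 4732 member added to a local group, 4624/4625 logon success/failure) and logon type 10 (RemoteInteractive) are the standard Windows values.

```python
from collections import Counter
from datetime import date, datetime, timedelta
from statistics import mean

# Standard Windows Security-log event IDs and logon type.
LOG_CLEARED, ACCOUNT_CREATED, GROUP_MEMBER_ADDED = 1102, 4720, 4732
LOGON_OK, LOGON_FAILED = 4624, 4625
RDP_LOGON_TYPE = 10  # RemoteInteractive

def daily_report(events, today, watched_accounts, volume_tolerance=0.5):
    """Summarise today's events; compare log volume with the prior 7 days."""
    per_day = Counter(e["time"].date() for e in events)
    todays = [e for e in events if e["time"].date() == today]
    baseline = mean([per_day.get(today - timedelta(days=n), 0) for n in range(1, 8)])
    watched = {name.lower() for name in watched_accounts}
    def count(event_id, keep=lambda e: True):
        return sum(1 for e in todays if e["id"] == event_id and keep(e))
    def is_watched(e):
        return e["user"].lower() in watched
    return {
        "log_cleared": count(LOG_CLEARED),
        "accounts_created": count(ACCOUNT_CREATED),
        "group_members_added": count(GROUP_MEMBER_ADDED),
        "rdp_sessions": count(LOGON_OK, lambda e: e["logon_type"] == RDP_LOGON_TYPE),
        "watched_logon_ok": count(LOGON_OK, is_watched),
        "watched_logon_failed": count(LOGON_FAILED, is_watched),
        "volume_today": len(todays),
        "volume_baseline": baseline,
        # Flags significantly more OR less volume than the 7-day average.
        "volume_anomaly": abs(len(todays) - baseline) > volume_tolerance * baseline,
    }

def ev(day, event_id, user, logon_type=None):
    # Helper for the constructed sample: one event on a day in November 2014.
    return {"time": datetime(2014, 11, day, 9), "id": event_id, "user": user, "logon_type": logon_type}

# Constructed sample: 4 routine network logons on each of Nov 1-7, then Nov 8.
SAMPLE_EVENTS = [ev(d, LOGON_OK, "alice", 3) for d in range(1, 8) for _ in range(4)]
SAMPLE_EVENTS += [ev(8, *a) for a in [
    (LOGON_OK, "Administrator", 10), (LOGON_OK, "alice", 10),
    (LOGON_FAILED, "svc_backup", 3), (LOGON_FAILED, "svc_backup", 3),
    (LOGON_FAILED, "Administrator", 10), (ACCOUNT_CREATED, "helpdesk2"),
    (GROUP_MEMBER_ADDED, "helpdesk2"), (LOG_CLEARED, "Administrator"),
]]

if __name__ == "__main__":
    report = daily_report(SAMPLE_EVENTS, date(2014, 11, 8), ["Administrator", "svc_backup"])
    for name, value in report.items():
        print(f"{name:22} {value}")
```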

There are certainly many metrics you could track. Pick a few and diligently check them every day for the next month. You'll be glad you did!  


Wednesday, June 4, 2014

Community SANS in Fort Lauderdale

Consider joining me for the next Community SANS event in Fort Lauderdale on July 28 - August 2, 2014. I will be teaching the SANS Security Essentials Bootcamp Style course. This popular course is appropriate both for people new to security as well as those who have been in security for years. This was the first SANS course I attended after I was in security for over three years. I remember how much I learned in this class as a student back then and look forward to sharing my passion for this course with you.



***************************************************************************



It seems wherever you turn organizations are being broken into and the fundamental question that everyone wants to know is Why? Why do some organizations get broken into and others do not? SEC401 Security Essentials is focused on teaching you the right things that need to be done to keep your organization secure. Organizations are spending millions of dollars on security and are still compromised. The problem is they are doing good things but not the right things. Good things will lay a solid foundation but the right things will stop your organization from being headline news in the Wall Street Journal. SEC401's focus is to teach individuals the essential skills and techniques needed to protect and secure an organization's critical information assets and business systems. We also understand that security is a journey and not a destination. Therefore we will teach you how to build a security roadmap that can scale today and into the future. When you leave this training we promise that you will be given techniques that you can implement today and tomorrow to keep your organization at the cutting edge of cyber security. Most importantly, your organization will be secure.

(http://www.sans.org/community/event/sec401-fort-lauderdale-28jul2014-russell-eubanks)



***************************************************************************



What: Community SANS Fort Lauderdale 2014

When:  July 28 - August 2, 2014

Where: 
Nova Southeastern University
3301 College Avenue
De Santis Building, 4th Floor 
Fort Lauderdale, FL 33314

THE COMMUNITY SANS ADVANTAGE (http://www.sans.org/info/41114)

The Community SANS format offers the most popular SANS courses in your local community at a reduced tuition fee. And as with all SANS courses, the earlier you register, the more your fee is reduced.

SANS promises that you will be able to use what you learn in the classroom as soon as you return to the office.

Register today to join me in Fort Lauderdale by visiting (http://www.sans.org/community/event/sec401-fort-lauderdale-28jul2014-russell-eubanks).


Let me know if you need any additional information about this course! 

Wednesday, May 21, 2014

Community SANS in Pittsburgh

Consider joining me for the next Community SANS event in Pittsburgh, PA on June 16 - June 21, 2014. I will be teaching the SANS Security Essentials Bootcamp Style course. This popular course is appropriate both for people new to security as well as those who have been in security for years. This was the first SANS course I attended after I was in security for over three years. I remember how much I learned in this class as a student back then and look forward to sharing my passion for this course with you.



***************************************************************************



It seems wherever you turn organizations are being broken into and the fundamental question that everyone wants to know is Why? Why do some organizations get broken into and others do not? SEC401 Security Essentials is focused on teaching you the right things that need to be done to keep your organization secure. Organizations are spending millions of dollars on security and are still compromised. The problem is they are doing good things but not the right things. Good things will lay a solid foundation but the right things will stop your organization from being headline news in the Wall Street Journal. SEC401's focus is to teach individuals the essential skills and techniques needed to protect and secure an organization's critical information assets and business systems. We also understand that security is a journey and not a destination. Therefore we will teach you how to build a security roadmap that can scale today and into the future. When you leave this training we promise that you will be given techniques that you can implement today and tomorrow to keep your organization at the cutting edge of cyber security. Most importantly, your organization will be secure.

(https://www.sans.org/community/event/sec401-pittsburgh-16jun2014-russell-eubanks)



***************************************************************************

What: Community SANS Pittsburgh 2014

When:  June 16 - June 21

Where: National Cyber-Forensics & Training Alliance
2000 Technology Drive, Suite 450
Pittsburgh, PA 15219 US


THE COMMUNITY SANS ADVANTAGE (http://www.sans.org/info/41114)

The Community SANS format offers the most popular SANS courses in your local community at a reduced tuition fee. And as with all SANS courses, the earlier you register, the more your fee is reduced.

SANS promises that you will be able to use what you learn in the classroom as soon as you return to the office.

Register today to join me in Pittsburgh by visiting (https://www.sans.org/community/event/sec401-pittsburgh-16jun2014-russell-eubanks).


Let me know if you need any additional information about this course! 

Saturday, January 18, 2014

Community SANS Returns to Charleston

Consider joining me for the next Community SANS event in Charleston, SC on February 24 - March 1, 2014. I will be teaching the SANS Security Essentials Bootcamp Style course. This popular course is appropriate both for people new to security as well as those who have been in security for years. This was the first SANS course I attended after I was in security for over three years. I remember how much I learned in this class as a student back then and look forward to sharing my passion for this course with you.



***************************************************************************



It seems wherever you turn organizations are being broken into and the fundamental question that everyone wants to know is Why? Why do some organizations get broken into and others do not? SEC401 Security Essentials is focused on teaching you the right things that need to be done to keep your organization secure. Organizations are spending millions of dollars on security and are still compromised. The problem is they are doing good things but not the right things. Good things will lay a solid foundation but the right things will stop your organization from being headline news in the Wall Street Journal. SEC401's focus is to teach individuals the essential skills and techniques needed to protect and secure an organization's critical information assets and business systems. We also understand that security is a journey and not a destination. Therefore we will teach you how to build a security roadmap that can scale today and into the future. When you leave this training we promise that you will be given techniques that you can implement today and tomorrow to keep your organization at the cutting edge of cyber security. Most importantly, your organization will be secure.

(http://www.sans.org/community/event/sec401-charleston-24feb2014-russell-eubanks)



***************************************************************************

What: Community SANS Charleston 2014

When:  February 24 - March 1, 2014

Where: Hyatt Place
7331 Mazyck Rd
North Charleston, SC 29406 US

Tuition:  Register by January 29 to save $200 on this class
(http://www.sans.org/community/event/sec401-charleston-24feb2014-russell-eubanks)





THE COMMUNITY SANS ADVANTAGE (http://www.sans.org/info/41114)


The Community SANS format offers the most popular SANS courses in your local community at a reduced tuition fee. And as with all SANS courses, the earlier you register, the more your fee is reduced.

SANS promises that you will be able to use what you learn in the classroom as soon as you return to the office.

Register today to join me in Charleston by visiting (http://www.sans.org/community/event/sec401-charleston-24feb2014-russell-eubanks).



Let me know if you need any additional information about this course!