If you’re an IT auditor or security analyst and you don’t know how to ping a server, then I have some words for you:
LEARN HOW!
So let’s do it.
I’m assuming most of my readers already know how to do this. If so, please answer the poll question at the bottom. If not, please read on, then answer the poll question. Thanks!
Filed under Audit, How to..., Poll, Security, Technology
During an audit, I had a vendor provide me with access to data I shouldn’t have, no questions asked. I didn’t ask for the access, I just needed some information for my audit.
The audit involved checking some vendor software to determine whether it is patched by IT on a regular basis. I obtained from IT a screenshot of the version number of software that was installed, but needed to know the last couple of versions released by the vendor. The admin was going to send me the URL because he said I probably wouldn’t find it the info on the vendor’s site. After a couple days of waiting for the URL, I took matters into my own hands and went to the vendor’s website.
Filed under Audit, Case Files, Security, Security Scout
I recently stumbled across an article discussing how to choose an outside IT auditor by Kevin Beaver that stated, “With a few exceptions, auditors aren’t highly technical”–and may not need to know the difference between firewalls and fire hydrants.
If you know me, you know non-technicality of many IT auditors really bangs my keyboard (see the CISA posts listed below). An IT auditor who doesn’t have technical knowledge about IT is like a person who washes dishes without water.
Filed under Security, Technology
Shon Harris is offering FREE Certified Ethical Hacking (CEH) videos for online viewing. According to Harris, all the videos together are over 25 hours long.
The videos are listed below and can be viewed at www.logicalsecurity.com/resources/resources_videos.html.
So what’s the catch? Make sure you read this entire post before you leap!
Greg Shipley, founder of Neohapsis, wrote an article in Information Week magazine, this time about how ineffective most of the money spent on security defenses is against the attacks we’re facing. It’s not a short article, but as I’ve said before, Shipley is always worth reading. Here’s what I found most interesting in the article:
Filed under Security
While reading a job description for an IT security analyst recently, I noticed that the details were somewhat vague. The position required so many years of the usual security requirements and experience with routers, firewalls, IPS, but it didn’t mention which ones.
Then I saw this statement, which explained the vagueness:
Filed under Employment, Security
Matasano Security has released an upgrade to Flint, a FREE web application that examines firewall configurations. “Flint examines firewalls, quickly computes the effect of all the configuration rules, and then spots problems.”
According to Matasano, once you upload a firewall configuration, Flint:
A couple of weeks into a new job, I was told that I was now in charge of the Internet firewall. I suddenly realized I had two major problems:
Filed under Security, Security Scout
Update: See links to other sites at the end of this post. I’ll update as I find them.
If you want a good collection of security tips for yourself or others, check out the www.onguardonline.gov website . It contains articles, videos, quiz games, and tutorials about security topics.
The topics and tutorials are good; the videos and quiz games seemed to be geared for the younger generation. Even so, it would be a good link to send to grandparents and those who are curious, but hesitant about technology.
Filed under Security
ITauditSecurity 