network_defender ✭✭✭✭✭

Can't take the time off.

Learning new things is easier when we can build on what we already know. We continue to tools to our tool box as we learn. The cooking analogy fits very well.

Maria, I'm not missing any points. I just wanted to thank you for all of your efforts.

Test, test, test those scripts.

Change control is critical. Keeping things simple and consistent should be the rule. With one offs, you can lose control of your environment. Once control is lost, regaining it can be a herculean event.

Good reads. I wonder if the person with the "fake' Note seven face legal repercussions?

Really good read. For me, cycling is what keeps me sane. I will keep my phone with me on my rides for safety reasons, but it rarely gets touched. I will ride a complete 200k over a 10 hour period through the back roads of Southeast Virginia and never reach for it. Even better when I bring along an ultra light spinning rig…

Well said Leon. As for me, it was the never ending supply of new things to learn that drew me in. As with most people, there are things that are are in RAM. These are the things I use daily, so RAM is refreshed at fairly regular intervals. Somethings are stored on the local hard drive. These require a little thinking to…

Black Hat Sez: Easy is nice.

Very good write up. I attended a training session once that announced the 2 out of every 25 people were potential insider threats.

RTFM is alive and well.

Totally agree with the "not so new" thought process. Don't reinvent the wheel. Also, agree with the need for other outlets and hobbies. There is much more to life than just tech.

For punishment I would suggest a two hour meeting with the Pointy Hair Boss.

Companies that invest in their people, tend to create loyalty with them. It's easier to retain good, trained people than hire unknowns continuously.

This write up made me smile throughout the entire read. We all have learned and became proficient with "it" along the way. The continual learning we are subjected to is part of the attraction we have with our field. It provides the mental stimulation that feeds our inner nerd. Remember, we build on the knowledge we have…

I work with a guy who spends his evenings looking for unsecured databases. He then contacts the owner with the findings and how to fix them. His responses have been as follows: Ignored Problem fixed Problem fixed and a thank you note Problem fixed, thank you note, and contract offer. It still amazes me how many…

Old school hacking. I'm sure the residents, including a cousin of mine, were none to pleased. I can appreciate thinking outside the box, though.

I had a lead engineer about a decade ago, that fought tooth and nail against adding firewalls and IDS's to the classified network. He claimed that there had never been any incidents on that network, so why secure it? After some pressure from above, he relented. After the installation, he started reviewing the logs.…

Fun read. The smile never left my face the entire time.

Sometimes it does take the fail to make the sale. My first ever experience with this was back in my Navy days. Long story short: The ship I was on was new and had problems with the shipboard generators. While engineering was working out the bugs, electrical power could be very unreliable. My department head didn't agree…

Yes, congrats to am3​

Great articles. Open source or not open source.... Love the Mac and Cheese recipes!

I actually work for Information Systems Security Manager who openly stated that if we were compliant, we were secure. It was/is a dangerous mindset, but I loved poking holes in his theory. He eventually saw the light.

Love to password stories. People make it too easy. Job security for me.

or installing the NEW 256 read/write head 1Mb hard drive, complete with NTDS fast parallel interface. The new drive was standard rack width, 20u high, and 400mpounds.

So, would we be talking about a common database like the CVE, Common Vulnerabilities and Exposures, database? A repository of common malicious file signatures would be a great idea. If implemented, it would have to be well secured though. It would also have to have a repository of known good file signatures as well. I can…

"The most talented security pros are hackers." We teach potential police officers how to think like a criminal. To catch a criminal, one must be able to think like one. So, the best security pros have to be able to think a hacker. To think like a hacker, is to be a hacker.

One big thing that I feel gets overlooked is training for the help desk. My network team regularly works with the help desk when doing upgrades and replacements. The more hands on they get the better.

I couldn't agree more. There is still to much "rice bowl" mentality.

Part of the problem is the reluctance of some senior management, in our government, to embrace what needs to be done. This is one of the reasons the government moves so slowly to comply with its own regulations.