Entries Tagged as 'Best Practices'
by Neil MacDonald | February 10, 2011 | Comments Off
Last week, the US National Institute of Standards and Technology (NIST) published its final virtualization security guidelines. There are already guidelines available from the Center for Internet Security, VMware, Microsoft, and Citrix, as well as guidelines from the Defense Information Systems Agency (DISA) in the form of STIGs. NIST adds to this collective knowledge and expands [...]
Category: Virtualization, Virtualization Security | Tags: Best Practices, Hyper-V, Hypervisor Security, Virtualization, Virtualization Security, VMware
by Neil MacDonald | January 26, 2011 | 5 Comments
In one of my first posts as a blogger nearly 2 years ago, I discussed the potential for disaster if a compromise in the virtualization platform (hypervisor/VMM) occurred. Last year (I was intending to comment on this at the time, but it slipped my mind), I was reading the IBM X-Force 2010 Mid-Year Trend and [...]
Category: Next-generation Data Center, Next-generation Security Infrastructure, Virtualization, Virtualization Security | Tags: Best Practices, Cloud Security, Hypervisor Security, Information Security, Next-generation Data Center, Next-generation Security Infrastructure, Virtualization, Virtualization Security, VMware
by Neil MacDonald | January 21, 2011 | Comments Off
In my kick off post for 2011, I talked about the need for IT to expand the depth and breadth of patching. In the follow-on post, I talked about the need to migrate more users to run with standard user (and not administrative level) privileges. One of the challenges to both of these actions is [...]
Category: Application Security, Information Security, Microsoft, Microsoft Security, Windows 7 | Tags: Application Security, Best Practices, Browser Security, Information Security, Microsoft, Microsoft Security, Windows
by Neil MacDonald | January 19, 2011 | 6 Comments
Static application security testing (SAST) can be thought of as testing the application from the inside out: examining its source code, byte code or application binaries for conditions indicative of a security vulnerability, without running it. Dynamic application security testing (DAST) can be thought of as testing the application from the outside in: exercising the running application and examining [...]
Category: Application Security, Applications | Tags: Application Security, application security testing tools, Best Practices, Defense-in-Depth
by Neil MacDonald | January 14, 2011 | 2 Comments
One of the reasons that security tops the list of inhibitors for the adoption of public cloud computing is the concern around the use of multi-tenant infrastructure and applications. However, I believe the concerns are often overblown. Everything is multi-tenant at some level. For example, we all share the same planet and the same air. [...]
Category: Cloud, Cloud Security, Next-generation Security Infrastructure, Virtualization, Virtualization Security | Tags: Application Security, Best Practices, Cloud Security
by Neil MacDonald | January 6, 2011 | Comments Off
In my previous post, I kicked off 2011 with a recommendation for improving your “security bang for the buck”, or quick wins for information security in 2011: increasing patching breadth and depth. Here are a few more to consider in 2011. In a response to that post on the value (or lack thereof) of antivirus [...]
Category: Beyond Anti-Virus, Cloud Security, Endpoint Protection Platform, Windows 7 | Tags: Best Practices, Beyond Anti-Virus, Cloud Security, Endpoint Protection Platform, Information Security, Lockdown, Reducing Cost, Security No-Brainer, Windows
by Neil MacDonald | January 4, 2011 | Comments Off
I am back from the holidays and was responding to some comments on my previous blog post on antivirus technologies and the shift to endpoint protection platforms where one of the readers had recommended disabling autorun on removable media for a quick win for information security. There are several things in information security that we [...]
Category: Application Security, Beyond Anti-Virus, Endpoint Protection Platform, Information Security | Tags: Apple, Best Practices, Defense-in-Depth, Endpoint Protection Platform, Information Security, Security No-Brainer, Windows
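The quick win mentioned in the entry above, disabling AutoRun on removable media, comes down to a single Explorer policy value on Windows. The script below is an added example (not code from the original post or from Gartner): it sets NoDriveTypeAutoRun to 0xFF, which turns AutoRun off for every drive type, and then audits the result. The function name Test-AutoRunDisabled and the choice to write the machine-wide HKLM key are assumptions of this example; it must be run from an elevated PowerShell session.

```powershell
# Added example, not from the original post: disable and audit AutoRun via the
# Explorer policy key. Requires an elevated session (writes under HKLM).
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

# Bit mask of drive types for which AutoRun is disabled. 0xFF covers all of them
# (unknown, removable, fixed, network, CD-ROM, RAM disk); 0x91 is the Windows
# default, which still allows AutoRun on fixed and CD-ROM drives.
$allDrivesDisabled = 0xFF

function Disable-AutoRun {
    if (-not (Test-Path $policyKey)) {
        New-Item -Path $policyKey -Force | Out-Null
    }
    Set-ItemProperty -Path $policyKey -Name 'NoDriveTypeAutoRun' `
        -Value $allDrivesDisabled -Type DWord
}

# Returns $true only when the policy value exists and disables AutoRun for all
# drive types. Name is an assumption of this example.
function Test-AutoRunDisabled {
    $item = Get-ItemProperty -Path $policyKey -Name 'NoDriveTypeAutoRun' -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $false }
    return (($item.NoDriveTypeAutoRun -band $allDrivesDisabled) -eq $allDrivesDisabled)
}

Disable-AutoRun
if (Test-AutoRunDisabled) {
    Write-Output 'AutoRun disabled for all drive types.'
} else {
    Write-Output 'AutoRun is still enabled for at least one drive type.'
}
```

The same setting is what the Group Policy item “Turn off AutoPlay” (Computer Configuration > Administrative Templates > Windows Components > AutoPlay Policies) writes, so in a domain the policy is the preferred way to deploy it; the script is useful for stand-alone machines and for auditing whether the policy actually landed.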
by Neil MacDonald | September 28, 2010 | Comments Off
I work with clients daily on how to change their development (and procurement) processes to produce more secure code. I wrote in this blog that application security cannot be solved with technology alone, yet I still run into organizations trying to solve their application security problems with the purchase of a static or dynamic application [...]
Category: Application Security | Tags: Application Security, application security testing tools, Best Practices, Maturity Models, Microsoft
by Neil MacDonald | September 16, 2010 | 6 Comments
Earlier this week, I saw this article describing a security breach by an internal Google employee where a site reliability engineer (now fired) had violated the privacy of multiple email accounts. From the article: Barksdale’s intrusion into Gmail and Gtalk accounts may have escaped notice, since SREs are responsible for troubleshooting issues on a constant [...]
Category: Cloud, Cloud Security, Next-generation Data Center, Virtualization Security | Tags: Best Practices, Cloud Security, Information Security, Next-generation Security Infrastructure, Virtualization Security
by Neil MacDonald | June 1, 2010 | 4 Comments
Interesting question, eh? There is a great amount of passion on both sides of the argument. Beyond the emotion and hype, what’s the reality? After Microsoft followed Java’s lead and adopted a managed byte code model (the common language runtime) for .NET, our official position has been that in the hands of a skilled developer, [...]
Category: Application Security | Tags: Application Security, application security testing tools, Best Practices, Microsoft Security