• 04 Oct 2011

    Should You Ban Facebook at the Office?

    In the whitepaper "To Block or Not. Is that the Question?", Palo Alto Networks explores the issue of "Enterprise 2.0" applications such as Facebook, Skype, Twitter and YouTube and how users are now in control of the network. Meanwhile, IT staff is saying "just block it!" and users say "just don't block it!," but it's not that simple. As the whitepaper points out, the real answer lies in your ability ...

  • 27 Sep 2011

    Web security essentials: something old and something new

    Here are some new bits I've written on Web security that you may be interested in. First a bit on SQL injection - the greatest Web flaw of all in my humble opinion: "SQL Injection – The Web Flaw That Keeps on Giving". And a bit on how to use your users to your advantage to minimize Web security risks: "Getting users on your side to improve Web security" ...and finally a piece on ...

  • 26 Sep 2011

    Common firewall management challenges whitepaper

    Here's a new whitepaper I recently wrote on the ins and outs - and dos and don'ts - of managing enterprise firewalls: "Firewall Management: 5 Challenges Every Company Must Address". In the paper I cover things such as rules and regulations impacting firewall management, assessing firewall policy risks, managing changes and being able to prove where things stand with your firewalls at any given point in time. Enjoy!...

  • 26 Sep 2011

    Compliance or risk: what the real IT leaders focus on

    Whatever your approach to managing IT and information security, here's a new bit I wrote for Security Technology Executive magazine on fixing what needs to be fixed before you do ANYTHING else: "Fix Your Low-Hanging Fruit or Forever Hold Your Peace". Once you have the urgent flaws on your most important systems out of the way, here are some pieces I wrote for SearchCompliance.com on dealing with compliance while, ...

  • 21 Sep 2011

    Buying, selling & consigning used hardware great for IT budgets

    In IT and information security we're required to come up with creative ways to save money any way we can. Well, how about this novel idea: buy used network and computer hardware, or sell what you've already got so you can upgrade. A good friend of mine works at a company (Riverside) that does just that. They buy, sell and consign used network and computer hardware to help businesses save (or ...

  • 20 Sep 2011

    Pick up that paper at your own peril

    From @Quotes4Writers on Twitter, this totally reminded me of me: "You have to be brave to take out that white sheet of paper and put on it words that could be evidence of your stupidity." - Sol Saks...

  • 19 Sep 2011

    Windows ASLR, APTs, server malware protection and common patching gaps

    Here are some new pieces I've written for the TechTarget sites SearchWindowsServer.com and SearchEnterpriseDesktop.com on Windows (in)securities in the enterprise including a bit on the over-hyped and misunderstood APT threat (is that like "ATM machine"?) which I got to see firsthand while working on a project that involved one of the Operation Shady Rat victims: "The APT threat to Windows environments"; "Why you need address space layout randomization in Windows Server ...

  • 16 Sep 2011

    No CPEs for you!

    I spoke at the @ISACAAtlanta GeekWeek show and all I got was this lousy notification ;-) Seriously, it was a good show that I recommend next time they have it....

  • 16 Sep 2011

    My new paper on BitLocker’s hidden costs

    I've been a fan of Microsoft BitLocker since it first came out. It provides a cheap and easy way for users to lock down their laptops and mobile storage devices and is especially helpful in small businesses where security knowledge is scarce at best. Although BitLocker protection can be bypassed, it's still better than nothing - like WEP for wireless networks. Anyway, if you're considering BitLocker as your disk encryption solution, ...

  • 16 Sep 2011

    I love solid state drives but I’m no fan of OCZ

    I tweeted about this the other day but thought it deserved a longer post. If you do anything with IT/security tools such as vulnerability scanners, network analyzers and the like you HAVE to get a solid state drive. Hands down, installing solid state drives in my laptops has been the best computer upgrade I have ever made in 22 years of using computers. Better than doubling my RAM, better than upgrading ...
