• 09 Sep 2008

    Mediocrity at its best

    I just read this Dilbert comic strip the other day on my Dilbert desktop calendar from a few months back (I'm running behind) and Mike Rothman has a good post about it here. Explains why we have so many security problems. Security best practices anyone??...

  • 05 Sep 2008

    My security content from this week

    Here are two articles I wrote for Security Technology & Design magazine (a really good trade rag covering both IT and physical security) as well as another piece for Redmond Developer News I was interviewed for. Enjoy!

    Get Certified? The real deal with information security training and certifications
    10 Ways to Protect Your Web Servers
    Despite Help From Microsoft, SQL Injections Remain A Threat

    As always, be sure to check out www.principlelogic.com/resources.html for ...

  • 04 Sep 2008

    PCI v1.2 = 802.1x for wireless? Yeah right!

    Apparently the new changes in PCI DSS v1.2 (due out in October) are going to require more robust wireless security. As if no new WEP implementations after March 2009 and none at all after June 2010 weren't enough... Wireless must now be "implemented according to industry best practices (e.g., IEEE 802.1x) using strong encryption for authentication and transmission". Yeah right!! So people using WEP not only have to upgrade their hardware but ...

  • 03 Sep 2008

    Upcoming PCI updates and the firewall change management disconnect

    I was reading about the upcoming PCI DSS version 1.2 updates and noticed something that struck a chord. It's the requirement to review firewall rules every 6 months instead of every three. Wooo - what a nice break the Council has given everyone. Seriously folks, is anyone really reviewing their firewall rules on a regular basis? I don't mean loading up the PIX or Check Point or whatever interface, scrolling ...

  • 03 Sep 2008

    In search of a good personal firewall…

    Ever since my all-time favorite personal firewall - BlackICE - went away, I've been searching for a product that could fill its shoes. I'm still searching...and it's a pain. Thanks ISS!!

    Anyway, I came across this "Firewall Challenge" site that compares the well-known and not so well-known personal firewall products, shows test results along with vendor responses, and gives a yay or nay on whether or not the product is recommended. Use ...

  • 02 Sep 2008

    Questions posed to me about security testing

    Here's a recent question posed to me regarding firewall assessments that you may benefit from: "I am currently running a security assessment in my company for all Cisco ASA firewalls and I would like to know if you have some sort of a guideline or a "recipe" that you are following as to what one needs to look for when performing a security assessment. That is, security flaws, loopholes, best practice, ...

  • 02 Sep 2008

    My security content from this week

    Here's a piece I wrote for SearchDataBackup.com (a new TechTarget site I'm now writing for):

    Change management and disaster recovery

    ...as well as my thoughts on the latest and greatest version of BackTrack (a tool you've gotta get familiar with):

    Free security testing toolkit review: BackTrack 3

    As always, be sure to check out www.principlelogic.com/resources.html for all of my information security articles, podcast interviews, webcasts, and screencasts....

  • 29 Aug 2008

    Talk is cheap

    In watching the clips from Obama's Adult American Idol speech last night (I couldn't bear to watch it all live) I was reminded of previous bosses I've had and other people I've seen regarding their "support" of information security: Posturing and pandering and spouting out whatever makes people feel good is very, very easy. Just like certain people are good at manipulating others negatively for their own gains, anyone (Obama, McCain, your ...

  • 29 Aug 2008

    Who needs life vests anyway?

    Jazz Airlines (subsidiary of Air Canada) has removed life vests from their airplanes in the name of saving weight and fuel. So, increase the risk of your passengers at whatever cost...?? I'm sure the savings of 83 pounds per flight should more than outweigh any risk. Sounds like the typical risk management decisions being made in all too many businesses out there. I suspect we'll start seeing this kind of nonsense ...

  • 28 Aug 2008

    Want to try some ‘sploits but don’t have anything to ‘sploit?

    If you've ever wanted to play around with Metasploit - the free pen test/exploitation toolkit - but you didn't know where to start...well, here's an interesting site I came across that hosts free trial versions of software known to be vulnerable to attack using Metasploit, etc.

    Oh, if you need a quick primer, check out the following articles I've written on Metasploit as well:

    Metasploit 3.1 updates improve Windows penetration testing
    Metasploit 3.0 ...
