• 17 Sep 2008

    Just throw some more money at the problem – that’ll fix it

    Yesterday, the Cobb County government school system - the county where I make 99% of my retail purchases - had their wish fulfilled when voters passed to renew the current special purpose local option sales tax (SPLOST). This in a county where the government schools are wrought with fierce politics and wasteful spending. I know not only because of the stories I read but also because I've seen it first ...

  • 15 Sep 2008

    My latest security content

    Here's an article I wrote for SearchSMBStorage.com... Enjoy! How SMBs can ensure storage security. As always, be sure to check out www.principlelogic.com/resources.html for all of my information security articles, podcast interviews, webcasts, screencasts and more....

  • 11 Sep 2008

    You won’t become an expert overnight, but….

    I'm reading a great series of books called Speed Secrets on how to be a better car driver and am finally starting to realize the investment I've made. The techniques in these books really do work. I'm confident they've made me a more alert and conscientious driver - even on the street just driving back and forth to work. That said, I've come to terms with just how much I ...

  • 09 Sep 2008

    Mediocrity at its best

    I just read this Dilbert comic strip the other day on my Dilbert desktop calendar from a few months back (I'm running behind) and Mike Rothman has a good post about it here. Explains why we have so many security problems. Security best practices anyone??...

  • 05 Sep 2008

    My security content from this week

    Here are two articles I wrote for Security Technology & Design magazine (a really good trade rag covering both IT and physical security) as well as another piece for Redmond Developer News I was interviewed for. Enjoy! Get Certified? The real deal with information security training and certifications; 10 Ways to Protect Your Web Servers; Despite Help From Microsoft, SQL Injections Remain A Threat. As always, be sure to check out www.principlelogic.com/resources.html for ...

  • 04 Sep 2008

    PCI v1.2 = 802.1x for wireless? Yeah right!

    Apparently the new changes in PCI DSS v1.2 (due out in October) are going to require more robust wireless security. As if no new WEP implementations after March 2009 and none at all after June 2010 weren't enough... Wireless must now be "implemented according to industry best practices (e.g., IEEE 802.1x) using strong encryption for authentication and transmission". Yeah right!! So people using WEP not only have to upgrade their hardware but ...

  • 03 Sep 2008

    Upcoming PCI updates and the firewall change management disconnect

    I was reading about the upcoming PCI DSS version 1.2 updates and noticed something that struck a chord. It's the requirement to review firewall rules every 6 months instead of every three. Wooo - what a nice break the Council has given everyone. Seriously folks, is anyone really reviewing their firewall rules on a regular basis? I don't mean loading up the PIX or Check Point or whatever interface, scrolling ...

  • 03 Sep 2008

    In search of a good personal firewall…

    Ever since my all-time favorite personal firewall - BlackICE - went away, I've been searching for a product that could fill its shoes. I'm still searching... and it's a pain. Thanks ISS!! Anyway, I came across this "Firewall Challenge" site that compares the well-known and not so well-known personal firewall products, shows test results along with vendor responses, and gives a yay or nay on whether or not the product is recommended. Use ...

  • 02 Sep 2008

    Questions posed to me about security testing

    Here's a recent question posed to me regarding firewall assessments that you may benefit from: "I am currently running a security assessment in my company for all Cisco ASA firewalls and I would like to know if you have some sort of a guideline or a "recipe" that you are following as to what one needs to look for when performing a security assessment. That is, security flaws, loopholes, best practice, ...

  • 02 Sep 2008

    My security content from this week

    Here's a piece I wrote for SearchDataBackup.com (a new TechTarget site I'm now writing for): Change management and disaster recovery ...as well as my thoughts on the latest and greatest version of BackTrack (a tool you've gotta get familiar with): Free security testing toolkit review: BackTrack 3. As always, be sure to check out www.principlelogic.com/resources.html for all of my information security articles, podcast interviews, webcasts, and screencasts....
