You can't secure what you don't acknowledge.SM

Thursday, March 22, 2012

Don't underestimate the value of firewall rulebase analysis

Are firewalls sexy? No...but you must understand that they're an integral part of your overall information risk equation. From configuration flaws to rulebase anomalies to overall system inefficiencies, your firewall rulebases can make or break security, business continuity and other critical parts of your IT operations.

Last week, AlgoSec's Nimmy Reichenberg and I recorded a webinar titled How to Automate Firewall Operations, Simplify Compliance Audits and Reduce Risk that you may want to check out. It's not salesy or filled with marketing fluff. It's more of us having a conversation about some common firewall security and management oversights and what needs to be done to rein in the problems.

I'm a believer in firewall rulebase optimization. I've seen mis-managed and undersecured firewalls do everything from take down an entire enterprise's operations for hours on end to making critical network flaws open to the outside world. I'm working on such projects right now and I'm pretty sure every network - every firewall - that hasn't been properly reviewed and that isn't being properly managed has these same risks present at this very moment.

Check out our discussion and see if you think there's a fit for better firewall oversight in your enterprise.You can't change what you tolerate in IT...acknowledge the issues that are hidden in your environment and vow to do something about them once and for all.

An interesting Microsoft tool to help with data classification

Have you ever heard of Microsoft's Data Classification Toolkit for Windows Server 2008 R2? Me either. But it may be worth taking a look at. The lack of data classification and proper retention is at the core of many IT risks not to mention legal and compliance issues. You can't secure (or protect, or retain, or dispose of) what you don't acknowledge.

If the Data Classification Toolkit is anything like Security Compliance Manager, it may well be worth checking out. It's free...and if you don't have any other tools or means to get your arms around data classification, why not start with it? Could provide a good segue into better security controls as a whole.

Monday, March 19, 2012

Neat tools to seek out sensitive files on laptops & websites

"Oh yeah, I forgot about all of those files." I've never had a security tool lead to these predictable words regarding sensitive files being stored on unencrypted laptops as much as Identity Finder has. You may have seen Identity Finder in my previous post and related articles and presentations where I've mentioned or demonstrated it. Identity Finder is a commercial product that IT and information security professionals can use to uncover files that are at risk on under-protected laptops - even the entire enterprise.

 Here's a quick peek of what Identity Finder can uncover on a laptop:


Pretty eye-opening, huh? Especially if you find all of this information on an unencrypted laptop.

Check out Identity Finder. It's one of those good bang for the buck tools that can help you with information discovery, classification, leakage prevention or just to simply make the case that PII or intellectual property are not being protected the way they should be.

There's a related tool I recently came across that you should check out as well called FOCA. FOCA (more specifically FOCA Free) is a data gathering tool you can use to seek out sensitive files on websites you may be testing. It's got a few little quirks but, compared to so many other free tools I try, it actually works. Here's a screenshot of its interface:



I'm convinced that those of us in IT and infosec are no different than surgeons, carpenters or race mechanics. If we don't have the right tools for the task, we're not going to accomplish all we need to accomplish. Consider adding Identity Finder - and FOCA - to your arsenal. They can't hurt!