You can't secure what you don't acknowledge.SM

Friday, September 17, 2010

Unique new book on least privilege security in Windows

I've been reading through Russell Smith's new book Least Privilege Security for Windows 7, Vista and XP and I've realized it's about time for a book on this subject. I've covered some of the material in the past, including in my recent tip Should Windows users have full administrative rights?, and I know there's content on this topic scattered across various books, articles, etc., but I've never seen a book dedicated to the subject. Pretty cool.

The book gets pretty technical showing various ways to use Group Policy, Software Restriction Policies/AppLocker and so on to really lock down workstations...presumably without it getting in the way of doing business. Speaking of that, to me, the most valuable chapter is Chapter 2: Political and Cultural Challenges for Least Privilege Security. Get over those humps and the technical stuff is a relative piece of cake.

From what I've seen thus far Least Privilege Security for Windows 7, Vista and XP is a solid book from a relatively young, yet promising, publisher (Packt Publishing) on a very important topic for Windows admins these days. You can buy the book on here:

Here's a sample chapter from the book:
Solving Least Privilege Problems with the Application Compatibility Toolkit

Packt also has an online portal (PacktLib) that allows you to search across all of their books.

Definitely worth checking out.

Are your high-tech devices enslaving you?

I saw a recent Don't Sweat the Small Stuff calendar quote where Richard Carlson said:

"It's important to see when your high-tech communication devices actually limit your freedom, enslaving you instead of providing new opportunities for growth."

Wow, how true that is! Ever tried to not look at your emails or answer phone calls when you're out and about with your family or taking some time to yourself? Especially when you're on vacation...It's very difficult but it can be done. If you're going to have peace of mind, it has to be done.

Dr. Carlson also had a related quote - one of my all time favorites:
"If someone throws you the ball, you don’t have to catch it."

Think about what Dr. Carlson said and try it out over the next couple of weeks. I've found that if you do it and stick with it, you'll not only develop a greater sense of peace but practically every aspect of your life will benefit from it.

Thursday, September 16, 2010

Article 2, Section 1: Employees shall not be allowed to defend themselves

Here's an interesting scenario of company policy versus state law. Regardless of the interpretation and how it turns out, way to go Iron Mountain for making it known your employees are unarmed!

In the same spirit of those "zero tolerance" school zones that tell the bad guys that there's no one there to defend themselves, this kind of stuff is absolutely mindless.

Wednesday, September 15, 2010

New content on data protection & compliance

Here's the full download of the CSO Executive series I wrote recently for on data protection and compliance in the enterprise:

The series consists of the following:
Article 1:
Primary Concerns of Regulatory Compliance and Data Classification
Article 2:
Finding, Classifying and Assessing Data in the Enterprise
Article 3:
Data Protection Reporting and Follow Up


Hacking Methodology chapter available for download

Chapter 4 of the latest edition of my book Hacking For Dummies is now available for download on TechTarget's

If you like what you see, here's a direct link to the book on Amazon where you can save 34% off the cover price:

Happy ethical hacking!

Tuesday, September 14, 2010

Preventing email denial of service when scanning Web apps

Here's a new piece I've written that outlines one of those pesky Web scanning problems most of us have been affected by in some way or another:

Ways to avoid email floods when running Web vulnerability scans

Hope this helps!

Sunday, September 12, 2010

You cannot secure what you don't acknowledge

Here's a piece I wrote for on storage security...specifically some must-have tools for finding storage-related security flaws in small business.

Five must-have data storage security tools for smaller businesses

If you don't know what's where it'll be impossible to keep it secure.