You can't secure what you don't acknowledge.SM

Tuesday, January 11, 2011

My "new" book on ethical hacking turns 1

Today marks the one year anniversary of the publication of my "new" book Hacking For Dummies, 3rd edition.

Wow, how time has flown by! Thanks so much to those of you who have provided both kind words and constructive criticism via your emails, reviews, and in your own independent sites and blogs. No doubt it'll soon be time to start planning out the 4th edition. Until then...

Tidbits on MS security, MBSA vs. the competition & cloud backups

Here are a few new articles I wrote for TechTarget where I talk about IIS 7.5 security, encrypting Windows Server drives, MBSA vs. commercial vulnerability scanners and the dearly beloved cloud backup services. Enjoy!

How vulnerable is Microsoft IIS 7.5 to attacks?

Pros and cons of Windows Server drive encryption

Weighing MBSA against paid vulnerability scanners

Preventing online backup security threats to your network

Beware the "network assessment"

There are many IT services firms - including some run by friends and colleagues of mine - that perform something called a "network assessment". The goal of these assessments - which are usually aimed at SMBs - is to determine the overall health of your network and computing environment, supposedly including security.

First, let me be clear that these are legitimate services for seeing where your network stands. That's fine and dandy - a useful service indeed. The problem is that these network assessments are being pushed/sold under the guise of security assessments. I was recently on a friend's website and saw how they can check the security environment of a network. I looked at the website of another colleague of mine, and his business claims to offer a service that ensures your sensitive data remains protected. In our discussions, neither of these people has ever claimed to be a security expert. I don't believe "in-depth security assessments" are their intent either.

But what about all the other network services firms/consultants out there like them...?

My point is to be careful. Don't assume that just because a network engineer checks your systems, recommends some software updates or network design changes, and ultimately installs some new security products in your environment, your information is truly secure. A solid and effective information security program is a much grander beast.

What's holding you back?

Orison Swett Marden once said:

"What keeps so many employees back is simply unwillingness to pay the price, to make the exertion, the effort to sacrifice their ease and comfort."

As the saying goes, good enough hardly ever is.

Monday, January 10, 2011

Great quote on information security choices

Here's a great quote by Fred Smith that says it like it is:
"You are the way you are because that's the way you want to be. If you really wanted to be any different, you would be in the process of changing right now."

Obviously this also applies to our careers and personal lives... Like the calories we ingest, our choices add up dramatically over time.