By jeffreycentex on Jul 4, 2007 in Uncategorized | 0 Comments
Post Tags: Security
From a mailing list that I am on:
This chart provides information regarding security breach notification legislation which has been enacted in U.S. jurisdictions. The pioneering statute on this issue, California’s Security Breach Notification Act (Senate Bill No. 1386), is used as the baseline for comparisons herein.
Link (Perkins Coie)
It’s been out for a while now (March [...]
By jeffreycentex on Jan 28, 2007 in Uncategorized | 5 Comments
Post Tags: Network Toolkit • Reviews • Security
OK, I promised all of you a product review in my last blog entry. My first entrant is an open-source firewall project that I am currently using at my workplace. I was seeking a relatively “cheap” software-based firewall solution that would provide me with a dual-WAN setup that will allow our office to [...]
By jeffreycentex on Aug 13, 2006 in Uncategorized | 0 Comments
Post Tags: Security
Just a quick heads-up from the dudes at the Internet Storm Center - there is an active exploit of MS06-040 out in the wild…
See here for the diary entries.
Bleedingsnort rules are seeming to catch it.
For more information about it, visit the Security Bulletin.
Tags: MS06-040
By jeffreycentex on May 9, 2006 in NAP | 0 Comments
Post Tags: Security
On my new favorite topic, Steve Lamb is going through a series of postings entitled “JourneyThrough: Network Access Protection“. Be sure to check that out (bookmarked).
By jeffreycentex on May 9, 2006 in NAP | 0 Comments
Post Tags: Security
In my extended absence, I failed to note that the NAP (Network Access Protection) (Network Access Protection) Team at MS has a blog..
This is my most anticipated feature in Vista/Longhorn Server (note my disappointment that it wasn’t included in R2, but I completely understand why the decision was made).
This will be a boon for small/mid-sized [...]
By jeffreycentex on Jan 1, 2006 in Uncategorized | 0 Comments
Post Tags: Security
In case you haven’t check SANS ISC today, there is a new “present”…
A new variant of the WMF exploit…
Aaaarrrrgggghhh…
From the bulletin:
The exploit generates files:
with a random size;
no .wmf extension, (.jpg), but could be any other image extension actually;
a random piece of junk in front of the bad call; carefully crafted to be larger than the [...]
By jeffreycentex on Dec 29, 2005 in Uncategorized | 0 Comments
Post Tags: Security
I was caught a bit off-guard on this, but MS has released their security advisory for the WMF exploit that has been out for the past day or so…
Go to http://www.microsoft.com/technet/security/advisory/912840.mspx for more information.
There are also Snort rules for this exploit at BleedingSnort
By jeffreycentex on Aug 25, 2005 in Uncategorized | 0 Comments
Post Tags: Security
Continuing with the IPSec theme for today, you might be interested this whitepaper that discusses intra-Windows compatibility between modern Windows OS’s…
This paper includes information about managing intra-Windows compatibility among the IPsec-compatible Windows operating systems. This paper also includes information on regulatory compliance, Windows-based IPsec tools, and best practices. This paper is intended for IT professionals [...]
By jeffreycentex on Aug 25, 2005 in Uncategorized | 0 Comments
Post Tags: Security
Steve Riley has posted a fairly long article about why 802.1X should not be deployed on wired networks…
This is relatively new to me, considering that the 802.1X was the backbone of the Network Access Protection feature that will ultimately be included in Longhorn Server. My problem with the proposed solution that MS [...]
By jeffreycentex on Aug 24, 2005 in Uncategorized | 0 Comments
Post Tags: Security
Steve Friedl has posted a pretty good guide to IPSec protocol basics…
Warning - it is pretty technical, but understandable…
Tags: IPSec
