Profile of Adam Ely

Blog Posts: 15

Articles by Adam Ely

Intelligence Sources From Unlikely Places

No matter how hard we try to protect our networks, there is always the chance something will go awry. From hackers breaking into our mail servers to laptops infected with malware, we must watch for issues and get help where we can. Most of us have our traditional tools in place to watch for issues from the desktop to the servers: log analysis tools, IDS, AV reporting, and anything else we can possibly gather information from to help us fight...

The Case For Outbound Filtering

We filter and block what comes into our networks, but often forget about what goes out. Attackers know this, and their attack plans even rely on it. Malware that has compromised an internal machine is often programmed to connect to a command-and-control system that resides outside the enterprise. And of course, attackers use outbound connections to transmit stolen data to their own repositories.

Know Your Product's Security Capabilities

To build out enterprises we utilize technologies in all forms. From the routers that shape the network to interpreters that understand the software powering our web servers, third parties have a hand in how secure our enterprise is. It is important when selecting third-party technologies that security be kept in mind, but we don't always get much of a choice. If we need a desktop operating system, we are pretty limited. If we need a widget for...

The Limits Of Intuition

We in IT often rely on gut instinct to make decisions. We pride ourselves on the ability to look at a problem and quickly find a solution. We see a vulnerability, know a nasty exploit exists, and react by telling everyone the vulnerability must be patched. Instinct and intuition play a useful role in decision-making, but that role is a lot more limited than many people would like to admit, particularly in the realm of security and risk management. It's...

Insecurity On The Go

Thanks to laptops, smartphones, iPads, and other new mobile devices, our enterprises now extend to the local coffee shop, hotels and even cars on the interstate and commuter trains. Organizations let users purchase their own devices and connect them to the enterprise in the name of productivity, but this policy also introduces risks. And IT shops know it. According to a recent InformationWeek Analytics survey on mobile device management (MDM),...

IDS Best Practices

Intrusion detection systems (IDSs) have a bad reputation. Yes, they can be noisy and generate lots of false positives, both the network- and host-based products. But they are very useful to have at the WAN edge and within your LAN, and you can correct the signal-to-noise ratio through proper tuning and by understanding your environment. In fact, knowing your environment is the foundation of everything we as security professionals do. If we don'...

Malware Busters

I've been seeing many organizations struggle with malware lately, so I thought I'd offer a refresher on dealing with malicious software and all the ways it can creep into your organization. Removing malware and rebuilding infected systems eats up IT time and resources (not to mention the potential fallout from any stolen information), so your best bet is to prevent the compromise in the first place. Here's how.

Should You Secure Your LAN Like Your WAN?

Everyone knows organizations should never send sensitive data such as credit card or social security numbers across the Internet unencrypted, but many organizations think traffic inside their firewalls doesn't require as much protection as traffic that goes outside the perimeter. That's not the case. Attacks can be perpetrated by an employee or by an attacker who finds a foothold on the network. Being attacked by a stranger is a problem, but...

Rogue Hunter: How To Track Wild Access Points

Rogue access points (APs) can show up on a network for any number of reasons. A user may set up an AP so he or she can bring a laptop to the break room and still have an Internet connection. A contractor or an internal engineer may set up a wireless router to create a test network and then forget to disable it at the end of the test. People who set up unauthorized APs usually don't mean any harm, but that doesn't make it harmless. If you think...

Stupid Firewall Tricks

Firewalls have a bad reputation in many organizations, but it's not always the firewall's fault. Often, organizations use firewalls in places where they aren't really needed. For example, common practice dictates that we should place firewalls with stateful packet inspection enabled in front of Web servers. But does this really make any sense? Why perform stateful packet inspection on a stateless protocol? Why use a firewall in front of Web...

White List Or Black List?

I have spent my week deep in thought on how to secure connections from third-party business partners into my organization. Many of these partners work as an extension of the company, such as outsourced development and operations. These partners have access to source code, business documents, and other sensitive data we would prefer that no one could get to. Data theft is a serious concern, as are other issues, such as a malware infection that...
