This tidbit is a refresher on looking at Cisco Firepower Intrusion Event logs and daily reports. Specifically, I wanted to review for all of you again the meaning of two key columns, the Impact and Inline Result columns The Firepower Impact scale is designed to help the recipient understand where to focus scarce resources first.

Keeping up with my theme on DNS related posts, this week I will again reprise a post from over a year ago on the importance of implementing proper control of DNS as part of your malware protection program.   It remains as valuable part of your overall all network and security management policies.

The US-CERT (Computer Emergency Response Team) recently gave a presentation on what China has been doing to hack anything they can hack with the goal of stealing intellectual property, money and personally identifiable information. While most public sector schools and government agencies are generally not vast repositories of intellectual property, they do manage and transfer […]

We constantly harp on all of you segregating third-party vendor equipment on to vendor VLANs.   The purpose of that is to keep third-party vendor equipment completely away from your internal network.  Ideally, we don’t want these vendors to see, touch, or ask your internal network anything.

Last month on January 22nd the US Dept of Homeland Security took the unusual step of issuing Emergency Directive 19-01 to all Federal Agencies.   The directive issued steps that had to be taken by those agencies to mitigate potential DNS infrastructure tampering.

This tech tidbit is a reprise of a tidbit we sent out back in June of 2018.   You may have missed this post back then as it was the end of the school year and preparing for summer was upon all of us.  But, I wanted to bring it to all your attention again.

The FBI came to visit us last week.  No it wasn’t an investigation.  It was for CSI’s 3rd annual Security Event.  I have talked about the topic of Cyber Threats in person and on-line, but our Supervisory Special Agent had a few interesting things to say beyond the topics Bob and I have been discussing […]

This week’s Tech Tidbit is short and sweet. If you have a server or device that is internet facing, make sure you have a real, commercial SSL certificate on it.   Do not use a self-signed certificate.   I don’t really care that it is just for “internal” use and you are smart enough to bypass the […]

One of the key features of the newest firewalls and intrusion protection systems (IPS) has been the addition of something called GeoBlocking. This feature allows the administrator to shut down traffic to or from specific countries or regions of the world and your local network regardless of any other firewall permissions in place.

Trend Micro has stated many times that you have approximately 4 minutes between when a threat enters your network and the infection breaks out. But who can respond that quickly? I have often said if we leave questions on the computer up to our end users, we have failed.