Note:  The response to our CyberSecurity Event has been overwhelming.  To accommodate everyone who wants to attend we have moved it to a much large conference room.  We do have a few seats still available.  This is your last chance to sign up for this event.

Hopefully, you all had a relatively sane and productive summer.   Security-related topics have been in the news for most of the summer with several incidents hitting fairly close to home. Perhaps the question I have been asked the most over the last month or so has been “what do I need to do to protect […]

Just when you thought it was safe to move along to other technical topics, along comes Scott Quimby’s Hardening Active Directory Part III to scare you even more.  If you haven’t watched Part I and Part II, you can find them here. In Part III we will do a little review of some core topics […]

I was recently reading a security study that said that 25% of applications are unpatched for an entire year!  As you approach the summer remember that you need to patch not only the operating system but also all your applications. Many of our biggest threats are application based: Adobe Flash Oracle Java Adobe Reader (PDFs) […]

Do you know how secure you are from the outside world?  Maybe you’re new and inherited a network, or there has been so much churn over the years with servers being added and retired and software previously available in-house now being hosted?   Maybe you have just lost track of patching? Regardless of the reason, a […]

Keeping up with my theme on DNS related posts, this week I will again reprise a post from over a year ago on the importance of implementing proper control of DNS as part of your malware protection program.   It remains as valuable part of your overall all network and security management policies.

The US-CERT (Computer Emergency Response Team) recently gave a presentation on what China has been doing to hack anything they can hack with the goal of stealing intellectual property, money and personally identifiable information. While most public sector schools and government agencies are generally not vast repositories of intellectual property, they do manage and transfer […]

We constantly harp on all of you segregating third-party vendor equipment on to vendor VLANs.   The purpose of that is to keep third-party vendor equipment completely away from your internal network.  Ideally, we don’t want these vendors to see, touch, or ask your internal network anything.

Last month on January 22nd the US Dept of Homeland Security took the unusual step of issuing Emergency Directive 19-01 to all Federal Agencies.   The directive issued steps that had to be taken by those agencies to mitigate potential DNS infrastructure tampering.

This tech tidbit is a reprise of a tidbit we sent out back in June of 2018.   You may have missed this post back then as it was the end of the school year and preparing for summer was upon all of us.  But, I wanted to bring it to all your attention again.