Monthly Archive October, 2007

Finally something good about NAC

I usually don’t give much credit to NAC articles and news on Network Computing. They are usually that old crap about new miraculous products. However, this little piece is very good.
Jeff Prince explains quite well which kind of NAC implementations are worth something and which are not. Of course, looking at his signature I noticed [...]

Spafford and magical solutions

Eugene Spafford is one of the best minds in the infosec field. This post from him is very aligned with that other one from Anton Aylward that I mentioned here yesterday. I personally agree with a great part of what he is saying there. In a nutshell, he says that we usually spend too much [...]

Another post on the wall

I’ve just read another of those posts that should be framed and hung on a wall.
This post from Anton Aylward is great, even though he is just stating something very obvious. Super ninja risk analysis initiatives sometimes make people forget about the basics, even if the expected result of the RA is knowing that those [...]

Application Security and MS

It’s no news that several of the best application security minds are working for MS today. This blog is living proof of that.
There is a very good post there about the first line of defense for web applications, the input validation. I’m participating in a web app development project that has a small part [...]

Log mining

Anton Chuvakin wrote a nice piece about a log analysis he performed on a compromised box. It was interesting to see some techniques I’m using at my work and in my master's thesis. He also mentioned some experience with profiling users (the information that one week to one month is enough was very valuable to [...]

Good analogy

This post in Securosis is a very good analogy and also a good piece about the limits of encryption as a security measure. I always liked physical analogies, especially those with armies and military tactics. I’m trying to read a little more about police strategies, as they seem to me as they are a very [...]

Gunnar Peterson and security budget

This post from Gunnar Peterson about security budgets is extremely interesting. The comparison that he suggests between security budgets and IT budgets is a very good way to detect misconceptions about security needs and alignment between the IT strategy and the security strategy.
However, it’s important to mention that some network solutions can solve problems that [...]

Killer encryption application

Rob Newby wrote a very nice piece about encryption usage. I believe the most important message there is that the focus should be on key management issues, not algorithm strength and key sizes.