Feed on
Posts
Comments

Category Archive for 'Security Architecture'

IAM is a very strong tool to get in control of your accounts. With an IAM system for all standard users you will quickly protect all standard access and manage all access control. On top of that comes the protection of your privileged accounts and that means more advanced solutions like PAW or ESAE. In […]

Read Full Post »

You have all heard about the layered security approach and probably understood it. Sometimes it just becomes very visible how it works. I recently visited a client in southern Europe where we are delivering a high security project and as part of that project we are working in a secure room, a locked and secured […]

Read Full Post »

I had a chat with a friend of mine, who is an enterprise architect and a damn good one as well, regarding integration architecture vs security architecture and where the cross section. While his stand point is that integration architecture is imperative to understand how business unites should work together my viewpoint is that from […]

Read Full Post »

The number is five

I received a mail recently regarding how many domain admins a company should aim for to have. Of course, this is always dependent on the structure of your company etc. but as a rule of thumb I aim for five domain administrators. So, why five? It is actually quite easy to calculate. First of all: […]

Read Full Post »

Processors are vulnerable. Who knew? Most interesting is that this is a flaw in the architecture in itself. Those types of errors tend to be harder to fix because it is part of the overall solution. Tis specific case will be interesting to follow. I don’t expect it to that much of a problem in […]

Read Full Post »

Tier 0 and GDPR

I love working with security and I´m fully aware that there is always an expert that knows the details better than I do and also another expert that knows the whole field better than I do. I can only prod along and do my best. Sometimes, however, I´m baffled by how some people are blind […]

Read Full Post »

Yet a year has passed

Wohoo! The day has come when I turn 45 and I have still many years left to work in the most interesting of fields. There is so many new vulnerabilities still waiting to be found. I expect the next year to have focus on lower level attacks and also more stealthy attacks. On the level […]

Read Full Post »

Why do I care about defining Tier 0 and why is it a problem to have a large Tier 0? It is all part of minimizing the attack surface. You want to minimize the places where it is possible to find a domain administrator account and exploit that. It is far easier to secure 20 […]

Read Full Post »

Defining Tier 0

Credential Theft is a bid problem today. Many of the attacks we see are targeting accounts rather than the individual computers. This is due to the cost of exploiting. As soon as you have a valid account it is much easier to travel around and try to find a domain admin account. As soon as […]

Read Full Post »

WPA2 breached

May you live in interesting times! Using WPA2 apparently is not a good idea anymore. This caught my interest as it is a breach on a protocol level rather than just a function and there are many companies that have moved to WIFI and rely of WPA2-Enterprise to secure the communication. So many WIFI units […]

Read Full Post »

Next »