The Evolving World of DNS Security
I was recently at an event listening to representatives of ICANN and CloudFlare speak on security with DNS and it occurred to me that very few of us really understand or appreciate its nuances. It also so happens that the past 5 years have brought forward a lot of curious, and interesting, developments in one…
Read MoreLeadership Behaviors
I have been given a lot of thought to Leadership lately. I have been placing special emphasis on the things I personally look for in Leaders. It doesn’t matter if it’s someone I report to, or someone that reports to me. Coincidently, my biggest observations about leadership in corporate America is that we too often…
Read MoreInstalling OSSEC on Linux Distributions
The last few posts have been about deploying and configuring OSSEC as an important tool in your security suite. In this article I will provide you a script I wrote to help you quickly deploy OSSEC. This script assumes you are deploying on a Linux distribution (e.g., Fedora, Ubuntu, CentOS, or Debian). It will force…
Read MoreOSSEC FOR WEBSITE SECURITY: PART III – Optimizing for WordPress
The previous OSSEC articles went through through the process of installing OSSEC and deploying a distributed architecture. This article will focus on configuring OSSEC to make better sense of WordPress activity. WordPress is a powerful open-source Content Management System (CMS). Its biggest security weakness has always been its biggest blessing – its extensibility (e.g., plugin,…
Read MoreOSSEC For Website Security: PART II – Distributed Architectures Using Agents and Managers
This article assumes you already have OSSEC deployed. If you need a refresher, refer to the Part I of OSSEC for website security, written March 2013. OSSEC is popular open-source Host Intrusion Detection System (HIDS). It was founded by Daniel Cid, and currently maintained by a very large community of security professionals. Please note that…
Read MoreHow to enable 2FA on Twitter with Authy, Google Authenticator or another Mobile Application
It’s been a long time since I have had to enable 2FA on Twitter and found the process completely infuriating. Twitter’s 2FA configuration uses SMS as the default option, this is no longer advised by NIST. We don’t have to look far to understand why; in the TTP’s leveraged to hijack a customers domain portfolio…
Read More