IT Security and Compliance Articles
Read articles from the security experts at New Net Technologies on best practices for keeping your IT systems secure.
- Category: PCI DSS Compliance
The interesting thing about the breach reported by Vancouver-based Information Systems & Supplies Inc. is that it highlights the responsibility now borne by third-party suppliers to PCI merchants. Remote access services such as LogMeIn or TeamViewer provide functionality equivalent to a direct Remote Desktop session and are, in themselves, securely architected and operated.
- Category: CIS Benchmark
Since the introduction of the Windows Advanced Audit Policy, fine-grained control over system-activity auditing has been available. Detailed auditing can be applied precisely, with unwanted events suppressed at source rather than filtered out later. For object access, the audit policy settings work in conjunction with a 'System Access Control List' (SACL). The SACL is defined on each object (folder, file, registry key and so on) and specifies which principals and which kinds of access attempt are to be logged; the policy subcategory must be enabled and the SACL must be present, otherwise no event is generated.
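As an added example (not from the original article), the following PowerShell session shows the two halves working together: enabling a single Advanced Audit Policy subcategory with auditpol, then placing a SACL on a folder so that only write, delete and permission-change attempts are recorded. The path C:\Secure is hypothetical; the commands assume an elevated session, since both auditpol and writing a SACL require administrative privilege.

```powershell
# Added example: Advanced Audit Policy subcategory + SACL on a folder.
# C:\Secure is a placeholder path. Run from an elevated PowerShell prompt.

# 1. Advanced Audit Policy: enable Success and Failure auditing for the
#    "File System" subcategory only, rather than the whole legacy
#    "Object Access" category (which would also log registry, kernel objects, etc.).
auditpol.exe /set /subcategory:"File System" /success:enable /failure:enable
auditpol.exe /get /subcategory:"File System"   # confirm the setting took effect

# 2. SACL: state, on the object itself, who and what is audited.
#    Here: any successful or failed Write, Delete or ChangePermissions attempt
#    by any user, inherited by all sub-folders and files under C:\Secure.
$path = 'C:\Secure'
$acl  = Get-Acl -Path $path -Audit           # -Audit is needed to read the SACL

$identity  = [System.Security.Principal.NTAccount]'Everyone'
$rights    = [System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions'
$inherit   = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$propagate = [System.Security.AccessControl.PropagationFlags]::None
$auditFlag = [System.Security.AccessControl.AuditFlags]'Success, Failure'

$rule = New-Object -TypeName System.Security.AccessControl.FileSystemAuditRule `
                   -ArgumentList $identity, $rights, $inherit, $propagate, $auditFlag

$acl.AddAuditRule($rule)
Set-Acl -Path $path -AclObject $acl          # fails with "privilege not held" if not elevated

# 3. Verify: file-system audit hits appear in the Security log as event ID 4663
#    ("An attempt was made to access an object").
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } -MaxEvents 5 |
    Select-Object TimeCreated, Id, Message
```

If step 1 is skipped, the SACL is stored but never consulted and nothing reaches the Security log; if step 2 is skipped, the subcategory is enabled but no object asks to be audited. Both are the usual reasons a "working" audit policy produces no events.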
- Category: Change & Configuration Management
This final article in the three-part series focuses on the security best practice that is usually the hardest to implement, because it requires wholesale organizational and cultural change within the IT team: change management.
- Category: File Integrity Monitoring
In part 1 of this series we discussed the importance of File Integrity Monitoring of system files as a backstop to anti-virus for detecting malware. Enterprise-level FIM goes further where configuration files are concerned: it not only detects and reports changes to configuration settings but also identifies the vulnerable settings those changes introduce.
- Category: File Integrity Monitoring
This is a three-part series examining why File Integrity Monitoring (FIM) is essential to the security of any business's IT. This first part examines the need for malware detection, addressing the inevitable gaps in anti-virus systems with host intrusion detection system (HIDS) principles.
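To make the two FIM teasers above concrete, here is an added example (not code from the original articles or from any FIM product) of the core HIDS-style technique: hash every file under a root, keep the result as a baseline, diff a later snapshot against it, and additionally run config-file rules so that a "legitimate" edit to a known weak setting is flagged as well. The directory tree, the sshd_config content and the two rules are constructed for illustration.

```powershell
# Added example: minimal file-integrity baseline, comparison and config-weakness check.
# All paths and file contents below are constructed sample data.

function New-FimBaseline {
    param([Parameter(Mandatory)][string]$Root)
    # SHA-256 of every file under $Root, keyed by path relative to $Root
    $table = @{}
    Get-ChildItem -Path $Root -File -Recurse -Force | ForEach-Object {
        $rel = $_.FullName.Substring($Root.Length).TrimStart('\')
        $table[$rel] = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
    }
    return $table
}

function Compare-FimBaseline {
    param([hashtable]$Baseline, [hashtable]$Current)
    [pscustomobject]@{
        Added    = @($Current.Keys  | Where-Object { -not $Baseline.ContainsKey($_) } | Sort-Object)
        Removed  = @($Baseline.Keys | Where-Object { -not $Current.ContainsKey($_) }  | Sort-Object)
        Modified = @($Baseline.Keys | Where-Object {
                        $Current.ContainsKey($_) -and $Current[$_] -ne $Baseline[$_] } | Sort-Object)
    }
}

# Config rules: settings a change-to-vulnerability check should flag even when the
# change itself was authorised. Two illustrative sshd_config rules (hypothetical list).
$SshdRules = @(
    @{ Finding = 'root login over SSH permitted';    Pattern = '(?m)^\s*PermitRootLogin\s+yes\b' }
    @{ Finding = 'password authentication enabled'; Pattern = '(?m)^\s*PasswordAuthentication\s+yes\b' }
)

function Test-ConfigWeakness {
    param([string]$Content, [array]$Rules)
    foreach ($r in $Rules) { if ($Content -match $r.Pattern) { $r.Finding } }
}

# --- Demonstration on a constructed directory tree in %TEMP% ---
$root = Join-Path $env:TEMP ('fimdemo_' + [guid]::NewGuid())
New-Item -ItemType Directory -Path (Join-Path $root 'etc'), (Join-Path $root 'bin') | Out-Null
Set-Content -Path (Join-Path $root 'etc\sshd_config') -Value "Port 22`nPermitRootLogin no`nPasswordAuthentication yes"
Set-Content -Path (Join-Path $root 'bin\ls') -Value 'original binary'
$baseline = New-FimBaseline -Root $root

# Simulate what FIM should catch: a trojaned system file, a weakened config, a dropped tool
Set-Content -Path (Join-Path $root 'bin\ls') -Value 'trojaned binary'
Set-Content -Path (Join-Path $root 'etc\sshd_config') -Value "Port 22`nPermitRootLogin yes`nPasswordAuthentication yes"
Set-Content -Path (Join-Path $root 'bin\nc') -Value 'dropped tool'

$current = New-FimBaseline -Root $root
Compare-FimBaseline -Baseline $baseline -Current $current | Format-List
Test-ConfigWeakness -Content (Get-Content -Path (Join-Path $root 'etc\sshd_config') -Raw) -Rules $SshdRules

Remove-Item -Path $root -Recurse -Force
```

The comparison reports the replaced binary and the edited config as Modified and the new file as Added; the rule check then separates "the file changed" from "the file is now insecure", which is the distinction the part 2 teaser draws between basic and enterprise-level FIM. In production the baseline would be stored off-host and the scan scheduled or driven by file-system change notifications, not run ad hoc as here.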
- Category: File Integrity Monitoring
Within the FIM technology market there are choices to be made. Agent-based or agentless is the most common one, but beyond that there are both SIEM-based and 'pure-play' FIM solutions to choose between.
- Category: Event Log Management
Whether you are working from the SANS 20 Critical Security Controls, with an auditor for SOX compliance, or with a QSA for PCI compliance, you will be implementing a logging solution.
- Category: PCI DSS Compliance
Most organizations turn to a QSA when undertaking a PCI compliance project. A Qualified Security Assessor is the person you must satisfy with whatever security measures and procedures you implement to meet the PCI DSS, so it makes sense to have them tell you what you need to do.
- Category: Device Hardening
In the UK, HM Government's 'Cyber Incident Response Scheme' is closely aligned in intent and purpose with the forthcoming US Cyber Threat Sharing Bill.
- Category: PCI DSS Compliance
PCI DSS Version 3 will soon be with us. Such is the anticipation that the PCI Security Standards Council has released a sneak-preview 'Change Highlights' document.
- Disable Windows Services
- What are the recommended Audit Policy settings for Windows & Linux?
- Server Hardening Policy - Examples and Tips
- Server Hardening Checklist - Which Configuration Hardening Checklist Will Make My Server Most Secure?
- File Integrity Monitoring Software
- Windows Server 2008 / 2008 R2 Hardening Guide
- Linux Server Hardening
- The Windows Advanced Audit Policy Configuration
- The Top Ten of Audit and Event Log Monitoring
- Which File Integrity Monitoring Technology Is Best For FIM? File Integrity Monitoring FIM or SIEM FIM?