IT Security and Compliance Articles

Read articles from industry experts New Net Technologies to find out about best practices in keeping your IT systems secure.

Windows server 2008 hardening

Agent versus Agentless is a perennial debate for any monitoring requirements and is something that has been written about previously. The summary of the previous assessment was that agent-based FIM is usually better due to the real-time detection of changes, negating the need for repeated full baseline operations, and due to the agent providing file hashing, even though there is an additional management overhead for the installation and maintenance of agent software.

Windows server 2008 hardening

Prevention of security breaches is always seen as the best approach to protecting key data assets. Hardening a server in line with acknowledged best practices in secure configuration is still the most effective means of protecting your Server data. Deriving the right checklist for your Server 2008 estate requires an iterative process, starting with an ‘off the shelf’ hardening checklist and comparing this to your current hardened build standard for Server 2008.

PCI Compliance is Mandatory

If you're thinking "That's hardly breaking news?" I would tend to agree. However, it is still providing plenty of copy even though the PCI DSS was introduced seven long years ago. At the time it was 'mandatory' and 'urgent' but the problem now is that, so many firms have avoided or delayed measures that overcoming the apathy often associated with PCI compliance is getting more difficult.

Server Hardening Policy

Despite the increased sophistication employed by hackers for both external and internal attacks, around 80% of all reported breaches continue to exploit known, configuration-based vulnerabilities. Server or system hardening is, quite simply, essential in order to prevent a data breach.

Server Hardening Checklist

Any information security policy or standard will include a requirement to use a ‘hardened build standard’. The concept of hardening is straightforward enough, but knowing which source of information you should reference for a hardening checklist when there are so many published can be confusing.

FIM and SIEM

It is well known that Anti-Virus technology is fallible and will continue to be so by design. The landscape (Threatscape?) is always changing and AV systems will typically update their malware signature repositories at least once per day in an attempt to keep up with the new threats that have been isolated since the previous update.

tokenization

I was recently sent a whitepaper by a colleague of mine which covered the subject of tokenization. It took a belligerent tone regarding the PCI DSS and the PCI Security Councils views of Tokenization, which is understandable in context - the vendors involved with the whitepaper are fighting their corner and believe passionately that tokenization is a great solution to the problem of how best to protect cardholder data.

Fim and sim lock

Every time the headlines are full of the latest Cyber Crime or malware Scare story such as the Flame virus, the need to review the security standards employed by your organization takes on a new level of urgency.

FIM Agent

The incessant escalation, both in malware sophistication and proliferation, means the need for fundamental file integrity monitoring is essential to maintain malware-free systems. Signature-based anti-virus technologies are too fallible and easily circumnavigated by zero-day malware or selectively created and targeted advanced persistent threat (APT) virus, worm or Trojan malware.

audit policy thumbnail

Recommended Windows & Linux security audit checklist guide - Audit Policy settings for PCI DSS and other compliance standards

Contact Us

USA Offices

New Net Technologies LLC
4850 Tamiami Trail, Suite 301
Naples, Florida, 34103

New Net Technologies LLC
1175 Peachtree St NE
Atlanta, Georgia, 30361.

Tel: (844) 898-8358
[email protected]

 

UK Office

New Net Technologies Ltd
The Russell Building, West Common
Harpenden, Hertfordshire
AL5 2JQ

Tel: 020 3917 4995
 [email protected]

SC Magazine Cybersecurity 500 CSGEA Winners 2021 CIS benchmarking SEWP Sans Institute Now Certified IBM Security
Copyright 2021, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.