Category: Cybersecurity
-
It’s Not Too Late… Yet.
One of the things I always tell my students is that it is much easier to build security into your IT infrastructure if you do it from the planning phase, and not as an afterthought. I read a great quote recently: The best time to plant a tree is twenty years ago; the next best…
-
How Could You Let That Happen?
A close friend of mine, an elderly gentleman from the old country (in every way), is going through a terrible time right now. Part of his struggles includes (a known) someone hacking into his email account. When he asked me ‘…why can’t I just hack into the account to take it back?’ I had to…
-
End of Days
In the IT field there are a number of different names for it. CompTIA seems to use two terms: End of Life (EOL) denotes that a product is no longer available for purchase, and End of Service Life (EOSL) means that it is no longer supported by the vendor. Microsoft uses the term End of…
-
You May Be Exposed… Deservedly!
I received this email this week: Let me be clear: these emails are quite important, and you should be paying close attention to them. With that said, this particular exposure was from nearly five years ago. If you have a password that is that old then maybe you deserve to be compromised? With multifactor authentication…
-
Not a Security Person…
I was approached about a job recently by a company I have worked with in the past. While speaking with the recruiter he told me that one aspect of the position was Identity and Access Management (IAM). He then told me that the client had specifically told him that “This job is NOT related to…
-
Certified in Cybersecurity
I have been security-minded for most of my adult life. Whether or not I have always lived it is another matter, but I have learned my lessons and have done my best to continually improve. While I have been taking IT certification courses and exams for nearly twenty-five years, it was only in 2022 that…
-
Do The Right Thing…
While I have been using and learning computers since 1979, by my own definition I only became a real IT Professional when I passed my first certification exam in 2003. At that time I was already aware of a lot of people in the business who were… less than reputable. When I went out on…
-
Security Baselines in Intune
Okay, if you are a strong believer in cybersecurity, raise your hands. Okay, you can put them all down now. While I know there are people out there who believe that everything should be open to everyone, I doubt they are reading my blog. Next: If you bought/acquired/were gifted/found/inherited your current computer and, before doing…
-
CVE Saved… for now?
Last night I posted that funding for the CVE (Common Vulnerabilities and Exposures) database had not been renewed, and that there was a chance that it would go offline. That funding was renewed at literally the last minute. The database has been managed by the MITRE Corporation since September, 1999, and is widely considered to be…
-
Defunding CVEs
CVE: Common Vulnerabilities and Exposures CWE: Common Weakness Enumeration CVSS: Common Vulnerability Scoring System If you work in the IT field then you are almost certainly familiar with these three terms. You might even know that the databases for CVEs and CWEs have been maintained by MITRE for… well, for as long as I’ve been…
-
The Human Firewall
We have firewalls and Intrusion Protection Systems. We have passwords and encryption and VLANs and network segmentation and every type of cybersecurity device known to man… but none of that will stand up against the biggest vulnerability in our corporate organization: the end user. In 1894 the Dutch industrialist JC Van Marken coined the term…
-
Portable Security Just Got Better
I have been telling my students for years that they do not need to be cybersecurity specialists, but they do need to plan security into every phase of their operations. That holds equally true if you are an application developer, infrastructure specialist, or desktop administrator. By not planning security into every aspect of what we…
-
Microsoft Disabling Older TLS Going Forward
Microsoft announced this week that future versions of Windows (client and server) will no longer have TLS 1.0 and TLS 1.1 enabled. This step is designed to encourage you to use modern security mechanisms for your organization. TLS (Transport Layer Security) is an encryption mechanism designed to prevent eavesdroppers from reading your data in transit,…
The World According to Mitch 