Configuration Backups for Enterprise Business Continuity
Does your organization have backups? How about backups that are outside the confines of your primary data center? According to research (The Acronis Global Disaster Recovery Index: 2012) looking at data from 6,000 IT respondents, "Almost a quarter (23%) of all businesses still don’t have an offsite backup strategy in place today." An off-site backup can be much more than added protection for availability; it can also be a point of integrity for changes occurring within your enterprise. Consider what would happen if an attacker were able to breach your network and then alter a crucial configuration file. Without an off-site backup, they could potentially edit the existing backups to hide their malicious change and you'd never be the wiser. Much in the same way that log backups sent off-site have added integrity, configuration backups also benefit from this technique.
Topics: Device Management, Threat Management
At a recent ISSA Motor City chapter meeting, one of our Sr. Security Engineers, Mark Stanislav, presented his thoughts on how an organization that may not be familiar with hiring Ethical Hacking (EH) services could better go about doing so. During his presentation, Mark outlined ten big-picture topics, each with sub-points, covering a broad set of ideas. We thought we'd share some of those points today in a post regarding this crucial and sometimes complicated process. If your company is trying to hire penetration testing services (or other EH projects), we hope these notes give you a better sense of what to expect and how to ensure success with your project.
Topics: Ethical Hacking, Penetration Testing, Incident Response
Come Chat with NetWorks Group at an Upcoming Event
At NetWorks Group, we put a lot of value in interacting in person with the various technology communities important to our team. More than that, we love to be able to meet with customers and people looking to find out more about what we do and how our team could help yours achieve tough goals.
Topics: Security Monitoring, Managed Detection & Response, Ethical Hacking, Information Security, Vulnerability Management, Compliance, Penetration Testing, Threat Management
Web applications continue to be an easy target for many attackers. There's generally a large attack surface, many best practices are often forgotten, and a single coding flaw can lead to a full compromise of the database or arbitrary code execution. Still, a quality Content Management System (CMS) can provide a very functional web deployment and is hard for many organizations to pass up.
Topics: Information Security, Vulnerability Management, Threat Management
New NetWorks Group Site and Our Updated Services
Welcome to the new NetWorksGroup.com! Over our last 15+ years, the environment around IT infrastructure — especially security — has evolved to the extent that, to keep up with best practices and compliance standards, most organizations require an on-staff security team, and we're here to be that team.
Topics: Security Monitoring, Managed Detection & Response, Ethical Hacking, Vulnerability Management, Security Architecture Review
Two-Factor Authentication for MediaWiki with Duo Security
Two-factor authentication can be the difference between a major compromise and just a fleeting annoyance for a company. While there have always been a few multifactor authentication options on the market, they rarely have gone to the lengths that Duo Security has to provide multi-language, multi-device, and multi-application support for two-factor implementation with one service. I won't go into the details of all that they offer, but it's important to us and our clients to have a solution that can cover many avenues of technology seamlessly.
Topics: Threat Management
Another Certificate Authority (CA) Blunder; No Hack Required
The Certificate Authority (CA) system that currently handles how we publicly interact 'securely' with web sites, mail servers, and other services around the world can't catch a break. In the latest black eye, an Entrust bulletin describes how a Malaysian CA called Digicert Malaysia recently issued 22 certificates with glaring CPS violations, including the usage of 512-bit RSA keys. At this time, there's no suggestion of fraud or criminal activity being involved, but it's certainly confusing why this would have happened without it.
Topics: Ethical Hacking, Information Security, Security Architecture Review, Penetration Testing
Security Folks on Twitter Who Deserve Attention
This is a first round of trying to provide community awareness of digital and social media that deserves a look (or listen). Today's post is a somewhat verbose listing of folks on Twitter I've found valuable over the years in the field of information security. Later blog posts will likely provide blog & news sites; podcasts; and other forms of media that give added value to your knowledge of the latest in information security. While this is just a short list, I hope some of them provide a guide to get to other talented people out there who may provide a bit more insight than you had before.
Topics: Information Security
Fear, Uncertainty, and Doubt (FUD) are sadly a cornerstone for those who don't know enough to know better, or those who just don't care if they are wrong. When it comes to information technology, FUD is alive and well in 'cloud computing', at least from the perspective of those who want to make interesting headlines that will throw their readership into a tizzy.
Topics: Ethical Hacking, Information Security, Penetration Testing
Don't Miss Out on National Cyber Security Awareness Month
If you're not already aware, October is National Cybersecurity Awareness Month! What may surprise some is that this designation is already in its eighth year and has really picked up momentum among communities. Michigan is rather lucky to be holding the official national kick-off event on October 6th, called the Michigan Cyber Summit. This event will bring in many notable government leaders such as Michigan Governor Rick Snyder and Secretary of the Department of Homeland Security, Janet Napolitano.
Topics: Managed Detection & Response, Ethical Hacking, Information Security, Threat Management