Saturday, January 31, 2015

2015-005: Threat Modeling with Lee Brotherston


Threat Modeling... ranks right up there with Risk Assessments in importance... You gotta figure out how the applications you're creating or the systems you're engineering are secure. It really takes knowing your application and really knowing the enemies/factors that can cause your application to fail, from sanitizing inputs on a web app to making sure that your code doesn't have use-after-free bugs.

Brakeing Down Security talked about conducting threat modeling and application reviews with Lee Brotherston (@synackpse) from Leviathan Security (@LeviathanSecurity) this week. We discuss types of risk analysis, including one named 'Binary Risk Analysis', which may simplify assessment of your computer systems.

Show notes: https://docs.google.com/document/d/1K-eycek2Xud7loVC4yrHg6eHCY0oyztV_ytbY433oYk/edit?usp=sharing


Here is a new episode of Brakeing Down Security!

Sunday, January 25, 2015

2015-004-SANS Top 20: 20 to 16


Mr. Boettcher and I went over the bottom 5 of the SANS Top 20 security controls that businesses should implement. When put into the right order, you should be able to have an environment that is able to withstand most any attack.

We also talk about 5 'Quick Fixes' that will put you on the right track with becoming more secure.

You may be surprised at what is considered a priority... have a listen: (QR code links to the mp3)

Show notes: https://docs.google.com/document/d/1JuRJ-RPTmw50pTeO82rb9_rC8tFf53eiUzkppfwQvs0/edit?usp=sharing

"Dirty Rhodes" created by Kevin MacLeod (incompetech.com) 
Licensed under Creative Commons: By Attribution 3.0
http://creativecommons.org/licenses/by/3.0/



Saturday, January 17, 2015

All About Tor


Brakeing Down Security tackles the 'Deep Web' this week... yep, we talk about Tor. If you don't have a lot of experience with this or wonder how it works, we give you a little history and help you understand how the traffic flow works.

We even give you some advice on de-identification and things you shouldn't allow when traveling the Deep Web, like JavaScript, Flash, and Java.

Show notes: https://docs.google.com/document/d/1vBI_bg_0RzF_sSNMj84xQpEZGUrxtAkB8SxZ08MzUi0/edit?usp=sharing

Saturday, January 10, 2015

Episode 2: Big Trouble in Small Businesses


Security's the same, the world around...  and is a necessity in businesses of all sizes, from the mega-corporations, all the way down to the business with 10 employees in a garage in suburbia.

This week, Mr. Boettcher and I discuss security in small businesses. What is needed to make security part of the culture of a new company? We discuss some open source tools to ensure that networks are monitored properly and that logs are collected, collated, and analyzed. And better yet, these are on the cheap, which is helpful for a small business on a tight budget.

http://www.ihotdesk.co.uk/article/801717385/Most-small-businesses-have-faced-InfoSec-breach-recently

https://blog.whitehatsec.com/infosec-europe-wrapup/

http://www.infosectoday.com/Articles/DRPlanning.htm

Saturday, January 3, 2015

2015-001- "unhackable" or "attacker debt"


This is a quick little podcast I did without Mr. Boettcher about a Twitter discussion that occurred when Dr. Neil deGrasse Tyson mentioned that we should just make computers 'unhackable'.

The first episode of the 2015 season of Brakeing Down Security is here!

