Auditing Windows Permissions with Get-ACL

James TaralaBaselining, Uncategorized, Windows Auditing

One of the new Microsoft PowerShell cmdlets that auditors should appreciate is the GET-ACL cmdlet. Now, through native PowerShell commands, an auditor can retrieve a list of all the permissions associated with a given Windows object. The output from this command can be used to create a permissions baseline if someone is trying to alert on permissions changes. Or this … Read More

Parsing Windows Firewall Rules

James TaralaScripting, Uncategorized, Windows Auditing

In our last post we discussed how to gather general information about the configuration of a Microsoft Windows Firewall, host based firewall configuration. But what most people are really interested in when doing a firewall audit is how the firewall rules themselves are configured. One of the challenges of auditing a Microsoft Windows Firewall ruleset is how do you parse … Read More

Open Proxies and Edit Wars on Wikipedia

Kelli TaralaUncategorized

There was an interesting article earlier this week concerning IP blocking by Wikipedia, a wildly popular online encyclopedia tool. Wikipedia’s “Arbitration Committee” of experienced volunteer editors voted to block changes from all IP addresses owned or operated by the Church of Scientology and its associates. Is this censorship or good enforcement? Read on, and you decide. After a lengthy internal … Read More

Free the Security Researchers

Kelli TaralaUncategorized

  There is news of a controversial bill before the Nevada legislature that would make felons of people that possess, read or capture the personally identifying RFID information of others.  In general, it is a good idea to protect personally identifying information, but let’s separate the good from the bad. The bill in its current form […]

Hathaway to Head CyberSecurity Efforts

Kelli TaralaUncategorized

Cyber gossip…
 
A story posted online yesterday by The Wall Street Journal, quoting unnamed government sources, said that President Obama is expected to name Melissa Hathaway to head a new White House office of cybersecurity. “Ms. Hathaway helped develop a Bush administration cybersecurity initiative aimed at better securing federal systems and critical-infrastructure networks against online threats.
 
The […]

Big Brother is Waking up in Ohio

Kelli TaralaUncategorized

The Register.com recently reported on a disturbing announcement from the University of Ohio. Professor James W. Davis and grad student Karthik Sankaranarayanan have developed software that can independently, without human intervention, track a person via the CCTV cameras.
Davis and Sankaranarayanan’s software works by using a pan-tilt-zoom camera to create a panoramic image of its entire […]

Cyber Security Social Contract from the Internet Security Alliance

Kelli TaralaUncategorized

If you are an Info Sec professional and you are not familiar with the Internet Security Alliance (ISA), you need to check them out. These are fresh observations on how to begin to fix the current state of cyber insecurity.This non profit trade organization is a collaboration between the Electronic Industries Alliance (EIA), and Carnegie […]