Weekly Security Tip

/Weekly Security Tip

Who’s Watching the Watchers IoT – WST


April 18, 2019 Who’s Watching the Watchers IoT- WST In a world of everything connected to the internet through the likes of IoT (Internet of Things) devices, the prospect of exploits and vulnerabilities abound. For the most part, these IoT devices lack the proper secure coding practices and security hardening that most well-known products implement. The focus is not on security, but convenience, and leads to numerous exploits being found on these remote devices. The remotely controlled video camera in the office or the one facing outside could have lurkers watching from another continent gaining intelligence on [...]

Who’s Watching the Watchers IoT – WST2019-04-18T18:07:23+00:00

Microsoft Security Update Guide-WST


April 11, 2019 Microsoft Security Update Guide - WST As most of you already know, Microsoft has been releasing Windows cumulative monthly updates for some time now.  Each of these updates (generally) includes relevant security updates from previous releases, making the installation process simpler.  Apply the most recent cumulative updates for your Microsoft software, and you should be in pretty good shape. The downside to this approach is that each update addresses multiple issues, and after applying the patch, there may be additional action needed (i.e. a registry key, GPO setting, etc.)  So how is a careful [...]

Microsoft Security Update Guide-WST2019-04-18T18:07:51+00:00

Why you should consider Ad Blockers – WST


March 28, 2019 Ad Blockers and why you should consider using them - WST Many websites use advertisements to help supplement the cost of creating new content, hosting the site itself, and to generate revenue. Many site owners utilize various ad platforms to load ads onto their websites. However, bad actors have been known to abuse these platforms to direct users to malicious websites or download malicious content. This is known as "malvertising". A seemingly innocuous ad could lead a user to a drive-by download or load malicious code from a compromised website. Reputable ad blockers such [...]

Why you should consider Ad Blockers – WST2019-04-18T18:08:16+00:00

Local Administrator Password Solution (LAPS) – WST


March 21, 2019 Local Administrator Password Solution (LAPS) - WST LAPS Local Administrator Password Solution (LAPS) addresses the basic issue where the same local administrator accounts are used on all hosts throughout the organization, leaving them susceptible for “Pass-the-Hash” and credential re-use attacks. LAPS does this by leveraging a combination of an application installed on a Domain Controller, Active Directory (AD) Templates, and PowerShell modules. The LAPS password is stored as the ms-Mcs-ADMPwd AD attribute and associated with a domain computer.  LAPS credentials are also passed using Kerberos encryption by default. Additional benefits include automated password rotation [...]

Local Administrator Password Solution (LAPS) – WST2019-04-18T18:09:08+00:00

Are you prepared for the EOL Shockwave? – WST


March 14, 2019 Are you prepared for the EOL Shockwave? - WST Often, we take software that seems to have ‘always been there’ for granted, until suddenly it’s not supported.  At other times, ‘must have’ software fades into obscurity as it’s gradually replaced by alternatives.  Either way, you should be prepared for an End of Life (EOL) announcement just as much as you should for important software update announcements. This week it’s an announcement by Adobe.  They have announced the EOL for Adobe Shockwave, on April 9th, with extended support only for Enterprise customers.  This also means anyone who [...]

Are you prepared for the EOL Shockwave? – WST2019-04-18T18:08:44+00:00

Intrusion Detection and Prevention Systems: Are they really working? – WST


March 7, 2019 Intrusion Detection and Prevention Systems: Are they really working? - WST Let’s face it, if you have a public IP you’re going to get some type of illegitimate access attempt directed at your network at some point. Probably multiple times per day. Just look at your firewall logs and alerts sometime. If you are not, you should be; daily. If you don’t have one or are not familiar with the concept, an Intrusion Detection and Prevention System (IDS/IPS) will actively detect and prevent malicious or unwanted attempts at access. Your IDS/IPS can be deployed as [...]

Intrusion Detection and Prevention Systems: Are they really working? – WST2019-04-18T18:09:31+00:00