Host Based Risk Scoring (Part 2): Calculating the Vulnerability Level of a System

This is Part 2 of a three-part series. If you haven’t read Part 1 yet, check out the post at Host Based Risk Scoring (Part 1). Please note that the information in these articles is taken from my personal ideas and experience. I’d love to hear your comments and thoughts on these concepts. Feel free to leave them at the bottom of the post.

In the last post, we talked about how to calculate true host “Risk” at a conceptual level. In this post, we’re going to dive a little deeper into that concept and put some real numbers to it. At the end of the post, there is a link to a “Risk-o-meter_Spreadsheet” that allows you to play with the inputs and see what the total risk score comes out to be.

Host Based Risk Scoring (Part 1): How do you calculate Risk?

Hey all! This is the first post in a series about the concepts of a Host Based Risk Scoring System. This is an idea I had a few years ago (Spring 2012), while doing a lot of testing of McAfee and Symantec host products. The work involved trying to determine how effective the products were against varying attack vectors and post-exploitation movement. One of the attack vectors was “Embedding custom shellcode in an Excel Macro”. It was successful and the products didn’t alert on it, yet I still haven’t seen a system implement these methodologies.

This raises a fierce debate about whether macros are a useful function to an enterprise or whether they are simply a security risk. The “Security vs. Functionality vs. Ease-of-use” debate has been going on for years. As security is increased, “Functionality” and “Ease of Use” are decreased by a proportional amount. The only way to be 100% secure is to disconnect your computer from the network and turn it off.

Cloud Security (Part 1): Passive Security Monitoring in RackSpace

This is Part 1 of our “Cloud Security” series, with a goal of setting up a simple passive security monitoring capability in the cloud. Future posts will show how to enable out-of-band management, as well as setting up the monitoring services themselves. Enjoy!
