internet
Wednesday, March 14, 2018
Finally. Finishing up after Part 1 and Part 2, this is the end of my updated thoughts on an old Server Fault post with some final thoughts on reducing risks in the future.
Reducing the risk in the future. The first thing you need to understand is that security is a process that you have to apply throughout the entire life-cycle of designing, deploying and maintaining an Internet-facing system, not something you can slap a few layers over your code afterwards like cheap paint.
Wednesday, March 14, 2018
Following on from Part 1 of my revision of an old Server Fault post, we will continue on to look at remediation after an intrusion.
(Part 3 available here)
Understand the problem fully: Do NOT put the affected systems back online until this stage is fully complete, unless you want to be the person whose post was the tipping point for me actually deciding to write this article. I'm not going to link to that post so that people can get a cheap laugh, but the real tragedy is when people fail to learn from their mistakes.
Wednesday, March 14, 2018
Introduction: In this series of posts I’m revisiting an answer to a question that appeared on Server Fault way back in 2011. I’m pleased to say that it’s been viewed over 100,000 times, and I like to think it’s helped a few of them.
But it’s time to look again. Since I wrote that post, there have been some huge intrusions, such as the well-known Ashley Madison, Anthem Medical Data and JP Morgan breaches that affected millions of people.
Saturday, September 9, 2017
I’m currently reading /r/sysadmin on reddit, specifically this post from someone ranting that a user complained that “malware spam e-mail” went to their mail client’s spam folder. While this is classed as a rant on the site and not intended as a deep analysis of a problem, their entire comment on this was:
What the hell? This is exactly what it should have done! I'm really not sure what to say to this, or to the responses that suggest telling the "
Sunday, June 11, 2017
So I recently did a podcast with SonicWall on Safeguarding and the statutory guidance on Keeping Children Safe in Education (KCSiE). You can listen to it here.
Invaluable resources:
Safer Internet Centre's Advice section.
Internet Watch Foundation (IWF).
Thinkuknow website.
Thursday, May 16, 2013
So we’re a Mimecast customer and today they had a few problems with their email services in the UK going offline for a large part of the working day. No big deal as such, other than that they make big claims for their own availability and have been quite ready to point out the failings of others in the past - and the responsible people at those others are probably reacting to today’s events by pouring champagne down their throats as fast as they can get the bottles open… well maybe not at Google.