security | announcement
The CrowdStrike incident and how the NXLog agent operates
Automatic updates are recommended by many vendors as they are considered essential for safeguarding against security threats and maintaining system performance. Updates not only enhance security but also deliver bug fixes and new features, contributing to improved user experience. Software updates, however, come with the inherent risk of breaking existing functionality and can potentially interfere with other software or the operating system itself causing unintended side effects. Automatic updates that the user has no control over escalate the risk further.
security | microsoft nps | radius
Onboarding Microsoft NPS logs
For those of us who manage network authentication and authorization, RADIUS is a familiar term. This protocol was introduced in the last century, and many of us from those days still remember the old-school diagrams, which surprisingly remain on the Cisco Systems website today.
Figure 1. Interaction between dial-in user requests, the RADIUS client and server © Cisco RADIUS, which stands for Remote Authentication Dial-In User Service, was developed to address a specific challenge.
security | strategy
How can I monitor file access on Windows?
Why do you want to monitor who accessed a particular file? Files are one of the primary forms of storing information. It is common practice for companies to store data in files that hold valuable, sometimes sensitive, information. What could this "important" data be? Of course, I am not talking about the company’s last team-building pictures. I’m afraid that’s not what the bad guys are interested in. They will likely be more interested in business plans, financial or personal data.
security | BROP | Blind Return-Oriented Programming
BROP attacks - What is it and how to defend yourself?
Have you ever locked yourself out of your car? After calling for roadside service, your tow truck driver forces the internal locking mechanism open with a slim-jim. Car thieves quickly discovered this technique and began using it to steal cars. Digital thieves have devised a similar attack called a Blind Return-Oriented Programming (Blind ROP, or just BROP) attack. It’s as quiet as a jackhammer on cement, but an attacker can open a remote shell and gain remote code execution on your server if the conditions are right.
log collection | compliance | security | security risk | it security
Assertive compliance - using frameworks to extend your coverage
So, it happened again. You got an internal audit finding or a regulatory notice. Or you just had a nagging feeling and found customer data somewhere it shouldn’t have been. Morale sinks. Are you forced to choose between serving your customers and addressing compliance weaknesses? Nobody said IT Compliance was easy. But don’t sign up to do any more work than is necessary. Use Frameworks to identify the activities, like logging, that demonstrate compliance for multiple domains and get the absolute best coverage without extra work.
security | ics
NXLog in an industrial control security context
Industrial Control Systems (ICS) have evolved over the years and now have a lot in common with traditional IT systems. Low-cost Ethernet and IP devices are replacing older, proprietary technology, which opens up new possibilities to improve connectivity and remote access. However, it also increases vulnerability to cyberattacks and incidents since the system is no longer segregated. Due to the nature of ICS, they differ from other IT systems. A compromised system can cause severe damage to the environment, incur substantial financial and production losses, and negatively impact an entire nation.