Now that you have a solid, repeatable, and automated firewall change management process, it’s time to delve into the next major aspect of managing your firewalls: optimizing rules. Back in our introduction we talked about how firewall rule sets tend to resemble a closet over time. You have a ton of crap in there, most of which you don’t use, and whatever you do use is typically hard to get to. So you need to occasionally clean up and reorganize – getting rid of stuff you don’t need, making sure…

Most folks think the move towards the extended enterprise is very cool. You know, get other organizations to do the stuff your organization isn’t great at. It’s a win/win, right? From a business standpoint, there are clear advantages to building a robust ecosystem that leverages the capabilities of all organizations. But from a security standpoint, the extended enterprise adds a tremendous amount of attack surface.
As we dive back into Firewall Management Essentials, let’s revisit some of the high points from our Introduction:
The firewalls run on a set of rules that basically define what ports, protocols, networks, users, and increasingly applications, can do on your network. And just like a closet in your house, if you don’t spend time sorting through old stuff it can become a disorganized mess, with a bunch of things you haven’t used in years and don’t need any more.
I had a really great Friday Summary planned. I was going to go all in-depth and metaphysical on something really important, with a full-on “and knowing is half the battle” conclusion at the end, tying it back to security and making you reevaluate your life.
On a trip to the Bay Area recently, I drove past the first electronic billboard I ever saw. It’s right on the 101 around Palo Alto, and has been there at least 7 or 8 years.
We received an email tip today that Oracle added a new security feature to Java that might be pretty important (awaiting confirmation that I can publicly credit the person who sent it in):
I am still putting my personal thoughts together on the recent NSA revelations. The short version is that when you look at it in the context of developments in vulnerability disclosure and markets, we are deep into a period of time where our benign government has actively undermined the security of citizens, businesses, and even other arms of government, at scale, in order to develop and maintain offensive capabilities. (Yes, I’m a patriotic type who considers our government benign).
PCWorld/TechHive has a very clear article on how to deal with a Twitter hack.
Print it out and keep it handy, especially if you manage a corporate account. If you are very big, get a phone number for Twitter security, make contact, and add it to your IR plans.
When my wife and I were a young couple looking for a place in the hills of Berkeley, we came across an ad for an apartment with “Views of the Golden Gate Bridge”. The price was a bit over our budget and the neighborhood was less than thrilling, but we decided to check it out. We had both previously lived in places with bay views and we felt that the extra expense would be worth it. But after we got to the property the apartment was beyond shabby, and no place we wanted to live. What’s more, we…
We are happy to announce the release of our Identity and Access Management for Cloud Services research paper.
Identity, access management, and authorization are each reasonably complicated subjects, but they all reside at the center of most on-premise security projects. Cloud computing and cloud security are both very complex subjects. Mix them all together, in essence federating your on-premise identity systems into the cloud, and you have complexity soup! Gunnar and I agreed that in light of…