What do you think this is?

just thoughts of a restless mind...

What to do with the center of security?

What to do with the center of security?

Some years ago, during a (quite extended) phishing avalanche in the company I was at the time, the (then) CIO said: Let’s fire every user that falls for a phishing mail! That will solve the problem for good.
I considered it a joke, and I replied pretty much with a rhyme: Let’s train them before we blame them and I didn’t give it a second throught. We went on to deploy some training modules, but never really implemented the technical controls on the mail server; an activity that if had been implemented, several of those phishing mails would never have entered the company. I think that this is not strictly a user failure and I’m inclined to blame the IT deparment more than the user.

Read more ...

Tagged in : security, awareness, management, leadership, social engineering

Fighting bias in security analysis

Fighting bias in security analysis

I am a huge fan of automation; I strongly believe that automation, machine learning and / or artificial intelligence (whatever these terms mean for different people) are our best chance to tackle one of the biggest problems we have in the cyber security industry: the human limitations.

Read more ...

Tagged in : security, management, artificial intelligence, machine learning

Securing administrative access with MFA

Securing administrative access with MFA

Now that multi factor authentication is gaining ground I thought I would write a simple guide on how to secure administrative access with MFA on Linux systems. The solution is simple and based on Google Authenticator. The good thing with Google Authenticator is that it’s a typical TOTP/HOTP solution and as such does not require any internet connectivity on either the server or the client.
The configuration examples provided are more or less appropriate for openSUSE Leap 15 and Ubuntu 18.04 LTS

Read more ...

Tagged in : linux, security, access control, two-factor authentication