SEARCH RESULTS
 
Showing 1-10 of 32 records
 

Protect your data: everything else is just plumbing

2007-07-02 20:46:32 by Steve Riley in Steve Riley on Security
...deny everyone else, the traditional approach involves a lot of work on the part of someone else. Alice has to beg, cajole, and bribe the network admin to create a file share, create two security groups, add Bob to one and Phil to the other, and create access control entries on the share's access control list. That's a lot of work for someone...
 
 
 
 
 

STRIDE chart

2007-09-11 23:18:00 by sdl in The Security Development Lifecycle
 
...Deny or degrade service to users Crashing Windows or a web site, sending a packet and absorbing seconds of CPU time, or routing packets into a black hole Authorization Elevation of Privilege Gain capabilities without proper authorization Allowing a remote internet user to run commands is the classic example, but going from a limited...
 
 
 
 
 

Giving Drivers Licenses to Illegal Immigrants

2008-02-13 05:57:39 by schneier in Schneier on Security
 
...denying licenses to illegals will make them leave is head-in-the-sand thinking. Of course, even an attempt to deny licenses to illegal immigrants puts DMV clerks in the impossible position of verifying immigration status. This is expensive and time-consuming; furthermore, it won't work. The law is complicated, and it can take hours to verify...
 
 
 
 
 

SDL and Web 2.0

2008-02-28 22:26:00 by sdl in The Security Development Lifecycle
 
...deny HTML and script content) and output encoding (making sure that any active content that gets past the input validation routines is rendered as harmless text and not executed). Internally, we also mandate the use of code analysis tools to find XSS vulnerabilities that might otherwise slip through the cracks. This is great advice for anyone...
 
 
 
 
 

The Big Announcement

2008-03-13 00:03:25 by Bill in Grumpy Security Guy
 
...deny policy, while a great idea in theory, is pretty hard in the real world. There is just way too much movement in most applications to pin it down. Even if the app does not change frequently, WAF admins are very hesitant to even come close to blocking legitimate traffic. What really sold me though is when I saw it in action for the first...
 
 
 
 
 

Training People on Threat Modeling

2008-03-14 23:11:12 by sdl in The Security Development Lifecycle
 
...Deny or degrade service to users Crashing Windows or a web site, sending a packet and absorbing seconds of CPU time, or routing packets into a black hole Elevation of Privilege Authorization Gain capabilities without proper authorization Allowing a remote internet user to run commands is the classic example, but going from a limited user to...
 
 
 
 
 

If it quacks like a duck, walks like a duck, it must be NAP

2008-03-27 02:04:22 by HASH0x8b41e68 in StillSecure, After All These Years
...deny access to those not up to snuff on configuration, I think you have clearly crossed the line into security. I think Microsoft would come off better saying that NAP is not meant to keep out the determined hacker, but saying it is not a security tool just doesn't ring well. So what is the rest of the NAC vendor world to do? Should we all pack...
 
 
 
 
 

Privacy Policies Best Practices

2008-03-28 08:19:18 by Jen Albornoz Mulligan in Security & Risk Management
 
...deny it; a customer who wants to know what information you collect or prevent you from sharing it with your affiliates
 
 
 
 
 

Limiting Process Privileges Should Be Easier

2007-11-09 10:00:00 by Security Retentive in Security Retentive
 
...deny and allow only what you want stage, but interesting nonetheless Limiting Service Privileges in the Solaris 10 Operating System Privilege Debugging in the Solaris 10 Operating System Windows Server 2008 Microsoft has introduced service hardening and reduced privileges in Server-2008 Security Configuration Wizard Based on what I can...
 
 
 
 
 

If it quacks like a duck, walks like a duck, it must be NAP

2008-03-27 03:04:22 by ashimmy in StillSecure, After All These Years
...deny access to those not up to snuff on configuration, I think you have clearly crossed the line into security. I think Microsoft would come off better saying that NAP is not meant to keep out the determined hacker, but saying it is not a security tool just doesn't ring well. So what is the rest of the NAC vendor world to do? Should we all pack...