Steve Riley on Security
Formerly
of Microsoft's
Trustworthy Computing
Group.
Browse by Tags
All Tags
»
protection
»
risk mitigation
(RSS)
access technologies
authentication
configuration
email
malware
NAP
physical security
security policies
security science
things that make me worried
threats
wireless
Poll: do you use scheduled scans for malware?
An interesting comment recently appeared on my older post about whether or not to use antimalware software. Peter van Dam wondered whether scheduled scans are really necessary, given that anti-malware products scan files as they enter (and sometimes
Read More...
More on Autorun
Last month, in my post " Autorun: good for you? " I described why I believe you should disable Autorun on all computers in your organization. I also explained how you can do this for XP and Vista computers. Well, it turns out that Windows will override
Read More...
What's your data worth? More importantly, to whom?
This week, I'm attending and spoke at a cybercrime conference in Singapore. One of the presenters made a very good point, and I want to share it with you. When considering how to protect your data, don't consider how valuable it might be to an attacker.
Read More...
More on the necessity of antivirus software
A few days ago, I wrote a brief post about my non-use of antivirus software on my own computers. A number of people have asked me privately if I am recommending such a stance to other individuals or to organizations. Let me be perfectly clear: absolutely
Read More...
Autorun: good for you?
Yes, if you're a five-year-old and you're tired of always asking mom or dad how to start the game on the CD. No need to know how! Just pick up the disc (a little peanut butter on your fingers helps with the grip), slide it in the drive, and wait for the
Read More...
Antivirus software -- who needs it?
In the newsgroups a few weeks ago, someone asked about which anti-virus software is best for experts. This is a really curious question. I've been involved in computer security -- as a practitioner, a consultant, and an instructor/speaker -- for several
Read More...
Did you know that you ALREADY have an e-mail policy?
An email access policy can be expressed in one of two ways: E-mail is mission critical to our business. Therefore, we permit employees to read and compose e-mail from any location in the world where employees can access the Internet, using either company-issued
Read More...
Configure your router to block DOS attempts
Some time ago I had a discussion with a friend. He disagreed with my recommendations on how to configure a border router and the firewall behind it. I claimed that in the border router between you and your ISP, configure the six rules to block most denial
Read More...
August article: 802.1X on wired networks considered harmful
Several months ago I learned from Svyatoslav Pidgorny, Microsoft MVP for security, about a problem in 802.1X that makes it essentially useless for protecting wired networks from rogue machines. Initially I was a bit skeptical, but the attack he described
Read More...
New column -- The case of the stolen laptop
Seems like once a week I hear from someone worried about stolen laptops -- or, worse, just joined the ranks of laptop theft victimhood. The best way to stay out of that club is to keep the thing with you at all times, or leave it in your hotel room when
Read More...
Search
This Blog
Home
About
Email
Resources for you
Get my PPTs from
My SkyDrive
Watch my videos at
TechNet Spotlight
Download
PYWN
's
Passgen tool
follow steveriley at http://twitter.com
View blog authority
Subscribe with FeedBurner
Subscribe, translate, or sort with BlastCasta
Homeland stupidity
threat:
Tags
access control
access technologies
Active Directory
advertising
assessing security
authentication
aviation security
biometrics
BitLocker
blogging
conferences and seminars
configuration
data destruction
email
encryption
false claims
group policy
home and family security
identity
infosec as a profession
integrity
Internet Explorer
IPsec
ISA Server
malware
music
my book
NAP
networking
passwords
patch management
physical security
protection
public policy
risk mitigation
RMS
security myths
security policies
security science
security theater
spam
SSL/HTTPS
TechEd
Terminal Server
the end
the future
the trade press
things that make me angry
things that make me laugh
things that make me worried
threats
virtualization
VPN
Windows 7
Windows Vista
wireless
Archives
August 2009 (1)
May 2009 (1)
February 2009 (1)
January 2009 (5)
December 2008 (1)
November 2008 (1)
October 2008 (2)
September 2008 (6)
August 2008 (2)
June 2008 (2)
April 2008 (1)
February 2008 (7)
January 2008 (1)
November 2007 (1)
October 2007 (3)
September 2007 (5)
August 2007 (2)
July 2007 (4)
May 2007 (2)
April 2007 (1)
February 2007 (1)
January 2007 (3)
December 2006 (2)
November 2006 (3)
October 2006 (2)
September 2006 (6)
August 2006 (1)
July 2006 (3)
June 2006 (1)
May 2006 (2)
April 2006 (2)
March 2006 (5)
February 2006 (2)
January 2006 (3)
November 2005 (5)
September 2005 (4)
August 2005 (2)
July 2005 (5)
June 2005 (5)
April 2005 (3)
March 2005 (2)
February 2005 (2)
January 2005 (1)
Syndication
RSS 2.0
Atom 1.0
