Silk internet #cms, #content #management, #secure, #simple, #drag #and #drop, #integrate, #free #custom #templates, #themes,

No Comments

#

Simply secure.

“ We have worked with QuickSilk since 2010 and have always received exceptional support. Their flexible – and easy-to-use – CMS ensures we can both manage our publications and communicate them to our key clients. QuickSilk’s extensive features allow us to assign specific rights and permissions, set start and stop publishing dates, as well as control content versions. QuickSilk allows us to easily manage the Parliament Budget Officer’s integrated monitoring database, which is used by parliamentarians, the media, and the public at large. ”

Office of the Parliamentary Budget Officer

Our Clients


Security, Cyberattacks: How Safe is Arizona s Palo Verde Nuclear Plant? #nuclear, #palo #verde, #cyberattacks,

No Comments

#

Connect. Discover. Share.

Security and Cyberattacks: How Safe Is the Nuclear Plant Next Door to Phoenix?

Palo Verde Nuclear Generating Station is a desert colossus. The largest nuclear power plant in the U.S. is armed with three reactors that churn out 32 million megawatt-hours per year, providing power to millions of people from California to Texas.

It s also just 50 miles west of Phoenix.

So when a report last week said that cyberattacks have targeted the information systems of companies that operate nuclear plants, it seemed certain that the nation’s largest nuclear plant could be a target, too.

According to the New York Times. the only company that is a known target of the hacking attempts is the Wolf Creek Nuclear Operating Corporation, which operates a nuclear plant near Burlington, Kansas.

John Keely, a spokesperson for the Nuclear Energy Institute, said that his industry s 99 nuclear plants, including Palo Verde, were unaffected by the cyberattack. Post-9/11 security measures and isolated computer systems at Palo Verde ought to give Arizonans a lot of comfort, he said.

These sites are true islands of operation, Keely told Phoenix New Times. They are in no way connected to networks, or LAN, or even the Internet. Information does come out of them performance factors, how much electricity they re producing but no information goes back in.

This one-way road of information prevents a malicious hack of the variety that recently infiltrated the networks of Target and Home Depot. compromising customer data. Keely added that in the event of a breach, the companies that operate nuclear plants have to notify the Nuclear Regulatory Commission, which then informs the public.

The Arizona Public Service electric company owns and operates Palo Verde, which is located near the town of Tonopah. Jill Hanks, a company spokesperson, emphasized a “comprehensive, multilayered program designed to defend the plant against cyberattacks.”

“It s important to understand that the computer systems that are used to operate the power plant are not connected to the Internet in any way,” she told New Times. “Nothing from the outside can control equipment that is used to operate the plant.”

Related Stories

Even so, the sheer size of Palo Verde could make it an attractive target for hackers who want to gain access to information or sow chaos within a nuclear plant s systems.

Dave Lochbaum, a nuclear energy expert at the Union of Concerned Scientists, a policy group that advocates for tougher regulations on nuclear power, said hackers weigh ease of access and the potential value of intrusion when selecting a target.

Nothing against either Iowa or Kansas, but those factors would tend to rank Palo Verde higher on the target list than the Duane Arnold nuclear plant in Iowa or the Wolf Creek nuclear plant in Kansas, he wrote in an email to New Times.

But the U.S. Nuclear Regulatory Commission’s approach to cybersecurity is to have all plants have protection up to their standards with the standards being uniform across the states,” he added.

Experts say cyberattacks are a growing threat now that sprawling computer systems carry the work of government agencies and corporations. After the Stuxnet computer virus caused centrifuges used to enrich uranium in Iran to spin out of control, it s a brave new world for adversaries hoping to disrupt nuclear technology.

The reactor chamber at Palo Verde Nuclear Generating Station during a refueling shutdown.

Sun. Oct. 1, 9:50am

The administration has clearly taken notice. In May, President Trump signed an executive order. mostly in line with prior initiatives, that directs federal agencies to assess cybersecurity risks and to coordinate with the private sector. And on Tuesday, Energy Secretary Rick Perry said that “state-sponsored” hackers are a real and ongoing threat to nuclear energy facilities.

Federal regulators requires plant operators to maintain evacuation plans for the 10-mile radius around the facility in the event of a radiation leak. According to Bruce Monson, senior radiological planner for the Maricopa County Department of Emergency Management, the 10-mile radius around Palo Verde is home to approximately 8,869 people. Zoom out a little further, and millions of people in the Phoenix metro area live practically next door.

The room with the turbines where the steam produced by Palo Verde’s reactor is converted into electricity.

Even after taking every precaution, there s no surefire way to prevent the sorts of conventional meltdowns that unfolded at Fukushima Daiichi and Three Mile Island. And according to Lochbaum, the most threatening scenario might be if cyberattackers exploited insider knowledge on system breakages.

Right now, perhaps the biggest vulnerability nuclear plants face from hackers would be their getting information on plant designs (e.g. blueprints) and work schedules with which to conduct a physical attack, Lochbaum said.

Nuclear plants routinely take emergency systems out of service for testing and maintenance,” he added. “If hackers obtained information about when a key component, like an emergency diesel generator, would be out of service, the list of equipment they’d need to sabotage to cause a bad outcome would be shortened, increasing their chances of success.

As it happens, Palo Verde recently had a generator out of commission. In December 2016, a backup generator for one of Palo Verde s reactors exploded during a routine test. And yet in a controversial decision by the Nuclear Regulatory Commission, the nuclear plant continued to operate without shutting down for 57 days.

According to internal memos obtained by the Arizona Republic . some agency employees criticized the decision, arguing that a loss of power could result in a radiation leak if the sole remaining generator failed. APS officials said it was safer to keep the reactor running to avoid a complicated shutdown procedure.

During refueling, spent fuel rods are moved into this area and new nuclear material is moved into the reactor chamber.

It s not the first time Palo Verde has been under scrutiny. In 2013, the Associated Press obtained a worrying Government Accountability Office report, which stated that Palo Verde had the second-highest number of safety violations among U.S. nuclear facilities; nevertheless, the vast majority of violations were classified as lower-level.

The plant s three reactor licenses were renewed in 2011 and now expire beginning in 2045.

Questions of how to defend critical infrastructure aside, Palo Verde generates an enormous amount of clean energy a not-insignificant thing for power-thirsty cities in the desert.

That is a true flagship facility in our fleet and around the world, Keely said. And every Arizonan should be proud of what that plant does, not just for Arizona, but for the whole southwest.

Newsletters


SANS Institute – CIS Critical Security Controls #computer #security #training, #network #security, #information #security, #security

No Comments

#

CIS Critical Security Controls

The CIS Critical Security Controls for Effective Cyber Defense

The CIS Critical Security Controls are a recommended set of actions for cyber defense that provide specific and actionable ways to stop today’s most pervasive and dangerous attacks. A principal benefit of the Controls is that they prioritize and focus a smaller number of actions with high pay-off results. The Controls are effective because they are derived from the most common attack patterns highlighted in the leading threat reports and vetted across a very broad community of government and industry practitioners. They were created by the people who know how attacks work – NSA Red and Blue teams, the US Department of Energy nuclear energy labs, law enforcement organizations and some of the nation’s top forensics and incident response organizations – to answer the question, “what do we need to do to stop known attacks.” That group of experts reached consensus and today we have the most current Controls. The key to the continued value is that the Controls are updated based on new attacks that are identified and analyzed by groups from Verizon to Symantec so the Controls can stop or mitigate those attacks.

The Controls take the best-in-class threat data and transform it into actionable guidance to improve individual and collective security in cyberspace. Too often in cybersecurity, it seems the “bad guys” are better organized and collaborate more closely than the “good guys.” The Controls provide a means to turn that around.

SANS Supports the CIS Critical Security Controls with Training, Research and What Works

To support information security practitioners and managers implement the CIS Critical Security Controls, SANS provide a number of resources and information security courses.

Information Security Resources

  • NewsBites: Bi-weekly email of top news stories with commentary from SANS Editors. View recent editions Subscribe
  • Whitepapers: Research from SANS instructors and masters students. Download the latest papers related to the Critical Controls
  • Webcasts: Topical content presented by SANS Instructors, vendors, and leaders in infosec security. View upcoming webcasts

CIS Critical Security Controls – Version 6.1

To learn more about the CIS Critical Security Controls and download a free detailed version please visit: http://www.cisecurity.org/critical-controls/

The SANS “What Works” program highlights success stories in cybersecurity – real examples of how real security teams have made measurable improvements in the effectiveness and efficiency of their security controls. While most of the press coverage focuses on breaches and other security failures, there are thousands of cybersecurity leaders quietly working hard and make advances against threats while enabling business and mission needs.

SANS expert John Pescatore interviews the end user and decision maker and produces a Q ?>

Best Business Security Systems #best #business #security #system

No Comments

#

Best Business Security Systems

Businesses are something that thieves tend to go after, both during business hours and after business hours. Unfortunately, there are also employees within the business who have light fingers and are stealing from the business. That is why business security systems are so essential, to protect the business from the inside thieves as well as the outside thieves. Below are some things to consider when choosing business security systems. Using one of the top security systems and security system equipment can the first step to preventing a burglary.

When you are looking for the best business security systems, there are a few things that you should consider to find the right security system for your business. Some of the common features you will want to consider include:

  • • Video – will you want to have video cameras? Are video cameras something that you need included in your business security systems?
  • • Audio – Sometimes having audio surveillance is going to prove to be invaluable. You might want to consider this when you are looking at business security systems.
  • • Motion – If the business has to deal with precious items or cash, having motion detectors is a good idea to have in business security systems.
  • • Monitoring – If your business is going to be without any human being, such as overnight, it might be a good idea to consider monitoring when looking at business security systems. They are able to contact the authorities if there’s a fire, a break-in, or another disaster.
  • • Back-up – A lot of companies who provide business security systems which offer audio or video options are going to offer storing of the data. It’s really important to to have copies of the security system equipment information in case it’s needed in the future like as evidence in a court case.
  • • On-site Surveillance – Along with mechanical business security systems, you might want to consider having security guards for your business. If you think this is something that you want, think about what you need and how often you are going to want to have them patrol your business.

When you are considering business security systems, one of the things that you want to think about is the installation. There are a few questions that you want to ask when you are interviewing possible security system companies for your business about the installation.

  • • Do you include installation in the security system’s price?
  • • If it’s extra, how much does it cost?
  • • Is the installer who will install my system certified?
  • • Is it required to be there, or should I be there, while my system is being installed?
  • These are some of the things that you want to consider when you are looking at business security systems. There are many different security system companies who offer security systems for business and there are a lot of things that a business should consider when they are searching for the right system. Take your time and see what security system is right for your business. This is one of the most important decisions that you are going to make for your business and it can help your business from losing money.

    By reading security system reviews from each of the best security system companies here on Security System Reviews you can find out which companies are best to protect your business.

    Comments (0)

    Comments are closed.

    Security System Topics

    SecuritySystemReviews.com is a team of home security experts that are dedicated to helping consumers save time and money while researching home security systems. Our security system reviews are designed to help consumers make the right choice without getting distracted by all the noise that is spread around the web. We focus exclusively on providing content about the home security system industry and always keep the consumer’s interest in mind. The rankings and ratings expressed on this site are the opinion of SecuritySystemReviews.com and are subject to change. To keep this valuable service free, we generate advertising revenue from the companies featured in our ranking


    Categories: News Tags: Tags: , , ,

    What is a Source Code Escrow, and when do I need one: Frost Brown Todd

    No Comments

    #

    ALP: What is a Source Code Escrow, and when do I need one?

    Most businesses, even smaller ones, have at least one software license agreement that is mission critical. A source code escrow is an arrangement that can provide protection to the business should the software provider go out of business or discontinue support and/or maintenance for the licensed software. Even though the dot com bubble has burst, it is still very common to find smaller and/or newly formed software companies with valuable and useful software for use in niche areas and otherwise.

    Source code escrows can reduce or eliminate the risk of doing business with such a small or new company. Source code escrows are generally negotiated as a part of the initial software license agreement. They can also be entered into after the license agreement has been signed, but a licensee has much less leverage at that point to negotiate favorable terms.

    Typically, a source code agreement is entered into among the software provider, the business licensee and an unrelated third party escrow agent. There are many more experienced software escrow agents available now than there were 10 years ago, and many banks will also provide this service.

    Under the typical software license, a business only receives access to the object code for the software being licensed. When there is a source code escrow agreement in place, the source code to the software is provided to a third party escrow agent. The escrow agent is authorized to release the source code to the licensee upon the occurrence of certain triggering events.

    The most heavily negotiated provisions in a source code escrow agreement are those relating to the events that trigger the release of the source code. These triggering events are negotiable but almost always include the bankruptcy of the software provider, the discontinuance of business by the provider and the joint written instructions of the provider and the licensee to a release of the code.

    You should also consider the following events as possible triggers to a release:

    1. The laying off of substantially all of the employees of the provider, or substantially all of the employees that provide support, maintenance and/or development for the licensed software. This is often the first sign that a company is in trouble, and as a licensee, you want notice of this as soon as possible.
    2. The failure to provide maintenance and/or support in accordance with the provider’s agreements relating to the same.
    3. A change in control of the provider.
    4. A discontinuance of the type of software licensed by a business.
    5. The default of the provider under the software license agreement, after an opportunity to cure.

    Other Typical Agreement Provisions

    Source code escrow agreements are typically drafted so that there is little or no risk to the escrow agent. Under the agreement, if an event occurs that might trigger a source code release, the escrow agent will generally require written notice of the event from the licensee. Most agreements provide that the escrow agent give written notice to the software provider of the licensee’s allegation that a triggering event has occurred. The software provider then has the opportunity to dispute the allegation of the licensee, and this is generally played out through mandatory arbitration between the provider and licensee. In my experience, if the provider’s ship is truly sinking, the provider typically wants to try to take care of its licensees and will very often co-operate with the licensee and sign a joint agreement to release the code.

    When released, unless the escrow agreement provides otherwise, the licensee obtains the right to continue to use the software as provided under the original license; provided, however, that the licensee also has the right to do its own maintenance, support, upgrades, etc. or hire a third party to do the same.

    Tips for a Negotiating a Success Source Code Escrow Agreement

    1. Make sure the escrow agreement can survive the bankruptcy of a software provider, since that is one of the primary reasons a licensee would enter into a source code escrow agreement. In that regard, we recommend that the license granted through the escrow (i.e. allowing the licensee to use the source code to maintain, support and upgrade the software) be a current license, which is just not exercisable until there is a triggering event. The escrow agreement should also have the following language, which will give the licensee certain benefits under the federal bankruptcy laws:

    The parties desire this Agreement to be supplementary to the [Software License Agreement] pursuant to 11 United States [Bankruptcy] Code, Section 365(n).

  • Think through the triggering events and make sure they fit well with the software provider you have chosen and that they reflect what might really happen. Don t just rely on the boilerplate triggering events in other agreements.
  • If the escrow agreement involves software development, in addition to a software license, a licensee should insist that deposits of the source code be made on a regular basis throughout the development, such as once a month or once every 60 days. Normally it would make sense to wait until the development is complete to require that the source code be deposited, but it is not unusual for a software company to fail half way into a development.
  • Make sure the escrow agent is experienced and reputable.
  • Make sure your escrow agreement is crystal clear about the rights of the licensee after the source code has been released. The licensee is still using the source code under a license, and in cases where the provider is defunct, the licensee generally wants to find a third party replacement for the provider. In my experience, the best place to look for assistance when the worst happens is with the former employees of the provider. They are usually anxious for work and are the most knowledgeable about the software, so it pays to keep in close contact with the employees of your provider.
  • A business can avoid a source code escrow by obtaining a source code license directly from the provider. This license must give the business the flexibility it needs to move forward should the provider go out of business. In most cases, providers are unwilling to grant source code licenses or they are cost prohibitive. However, I have been surprised in some cases, and try to remember to ask the question of my business clients when we are working on a software deal.

    Another possible approach is to obtain a security interest in the software to secure the obligations of the provider under the license agreement. I have yet to be able to achieve this, since most providers already have bank financing, and the bank has long ago perfected its security interest in the software.

    There are situations when the alternatives discussed above may work, but typically a source code agreement is the best means of minimizing risk for businesses in connection with their mission critical third party software.

    Attorneys


    Philadelphia Social Security – Disability Lawyers – Local Attorneys & Law Firms in Philadelphia, PA

    No Comments

    #

    Philadelphia Social Security — Disability Lawyers, Attorneys and Law Firms – Pennsylvania

    Need help with Social Security — Disability?

    You’ve come to the right place. If you or someone you know is unable to work because of a long-term disability, and who may be eligible to receive social security — disability benefits (SSDI) from the government, a social security — disability lawyer can help.

    Use FindLaw to hire a local social security — disability attorney to help guide you through the claims process, and resolve any problems that arise with SSDI claims and benefits.

    Need an attorney in Philadelphia, Pennsylvania?

    FindLaw’s Lawyer Directory is the largest online directory of attorneys. Browse more than one million listings, covering everything from criminal defense to personal injury to estate planning.

    Detailed law firm profiles have information like the firm’s area of law, office location, office hours, and payment options. Attorney profiles include the biography, education and training, and client recommendations of an attorney to help you decide who to hire.

    Use the contact form on the profiles to connect with a Philadelphia, Pennsylvania attorney for legal advice.

    How do I choose a lawyer?

    Consider the following:
    Comfort Level – Are you comfortable telling the lawyer personal information? Does the lawyer seem interested in solving your problem?
    Credentials – How long has the lawyer been in practice? Has the lawyer worked on other cases similar to yours?
    Cost – How are the lawyer’s fees structured – hourly or flat fee? Can the lawyer estimate the cost of your case?
    City – Is the lawyer’s office conveniently located?

    Not sure what questions to ask a lawyer?

    Here are a few to get you started:

    • How long have you been in practice?
    • How many cases like mine have you handled?
    • How often do you settle cases out of court?
    • What are your fees and costs?
    • What are the next steps?

    Want to check lawyer discipline?


    Categories: News Tags: Tags: , , , ,

    Megapixel Security Cameras & IP Cameras #megapixel #security #camera #system

    No Comments

    #

    MEGAPIXEL

    Megapixel IP Security Cameras
    & Video Surveillance

    IP surveillance camera systems rely on megapixel resolution to provide higher-quality images than CCTV cameras, which can be important when trying to decipher individuals or items in surveillance recordings. The most common megapixel resolutions are 1MP and 2 MP. There are also megapixel security cameras available with pixel counts over 20MP. The higher the megapixels, the higher the resolution of the video will be. Megapixel resolution is not used with analog CCTV security cameras.

    Depending on your specific surveillance camera needs, the resolution on the megapixel ip cameras you use can be critical. With common 1MP and 2MP cameras, also available as 720P and 1080P cameras, a full frame rate of 30 Frames Per Second is standard. However, for very high megapixel camera counts (5MP and higher) the user must plan for lower frames per second and an increase in network usage because of the high bandwidth which is required to transmit information to the camera. For this reason, it is important to have a clear understanding of what resolution you need on a megapixel IP camera used in your surveillance system.

    Identify Your Megapixel Security Camera System Goals

    Ideally you want to install your megapixel IP cameras in a location where activity occurs as well as in locations where you may not expect activity. Cameras should be positioned to allow for the monitoring of a general area. Since only PTZ cameras allow remote repositioning such as panning and tilting, it is important to have your megapixel ip cameras properly positioned during installation for accurate viewing.

    For areas where the general image is all you need of a location, a lower megapixel security camera can be employed to capture the general activity. When there is a need to gather specific information about people or objects in a frame, a higher megapixel IP camera should be installed in the proper location. For instance, a camera monitoring the counter of a bank should be able to focus in on the customer area of the counter where individuals can be captured clearly for later identification. The higher resolution images can be essential in identifying a perpetrator’s face clearly. If a lower megapixel camera is employed in such a location, subjects may not be displayed clearly, making them much more difficult to identify.

    Unruly fans and illegal activity at MSU’s football stadium prompts need for increased stadium security to facilitate better crowd control and identify criminal acts.

    Customized Systems With Megapixel IP Cameras Help Protect Your Investment

    Working with a professional video surveillance expert that can provide customized megapixel security camera solutions for your home or business location is often the best way to ensure your investment in surveillance systems is worthwhile. Employing cheap surveillance systems kits sold at retail locations may not provide the right solution you need for your security concerns. It is important to take your time when choosing the megapixel security camera system for you to ensure safety and your home or business at all times.

    You may invest a lot of money into your camera and surveillance equipment but if it is not adequate for your needs or is not properly configured, it simply may not be effective. With pre-designed or customized surveillance camera systems, users will have many options in selecting exactly the right components which will be designed for your specific location.

    When considering the choices of megapixel security camera systems for your home or business, it is imperative to understand what your location actually needs before deciding which type of system to invest in. Choosing the wrong camera type for your security and monitoring needs can leave you with unusable footage despite a significant investment. Contact VideoSurveillance.com today to learn more about what type of surveillance camera(s) best meet the needs of your location so that you can be fully protected against property crimes and theft.

    Have Questions? Get Answers. Our security integrators are standing by to make sure your surveillance solution is the best for your business. Contact an expert today! Get Help

    For a Free Consultation Call: (866) 945-6808 (866) 945-6808 or WE’LL CALL YOU Request a Call


    Categories: News Tags: Tags: , , ,

    Network – Cyber Security #computer #network #security #services

    No Comments

    #

    • Personal
      • Wireless Service, devices and accessories.
      • Internet, Phone, and TV FiOS service for the home.
    • Business
      • Enterprise Technology Wireless Solutions Solutions and services for organizations with 500 or more employees.
      • Business Wireless Phones and Solutions Devices, plans and wireless services for organizations with less than 500 employees.
      • Business Phone, Internet, TV Network Services Technology and network solutions designed for organizations with less than 500 employees.
      • Federal Government Solutions to modernize federal agencies and empower workforces.
      • State Local Government, Education Purpose-built services and solutions for the public sector.
      • Partners Custom solutions designed to meet the needs of an ever-changing customer network.
    • About Us
      • Verizon Corporate Global leader in innovative communications and technology solutions and services.
      • Verizon Enterprise Technologies, solutions, and services for enterprise and medium-sized businesses.

    Cyber security solutions

    Go from simple
    security to cyber
    resilience.

    Build resiliency into your security.

    In the realm of cyber attacks, the prepared survive; the resilient thrive. Let us help you establish security that goes beyond protecting your business to become your competitive edge. As publisher of the annual Verizon Data Breach Investigations Report. we use our experience and threat intelligence to help organizations improve their network security, compliance, incident response and more. Start becoming more resilient today.

    Security Professional Services

    Boost your resilience with expert planning and preparation.

    When it comes to cyber security, intelligence breeds confidence. Whether you need help building your security plan or pressure-testing it, our experts can lend their considerable experience. The combination of actionable threat intelligence and our team’s expertise can help you tackle security compliance and strategy to mitigate risk across your organization.

    Network and Gateway Security

    Defend your network against evolving threats.

    Transform your network from a cyber security battleground into a resilient stronghold by strengthening your cyber defenses. We can help you implement protection at the network edge to help detect and prevent advanced threats, intrusions and other exploits before they reach your network. Rely on our security intelligence and expertise to help you stay ahead of serious threats.

    Security Monitoring and Operations

    Do more than monitor threats: Get ahead of them.

    Your security shouldn’t stop at just monitoring. To keep up with today’s threats, you need services to manage devices and certificates, help maintain compliance and offer actionable threat intelligence. Our experts work 24×7 from our security operations centers to give you what you need to stay focused on your business.

    Incident Response

    Breaches happen. Disasters don’t have to.

    You may want to believe you’ll never be breached. But whether through accident or malice, breaches happen. Fortunately, we help you prepare for them. With the right plan, cyber intelligence and experts on call to aid in your response, you can become more resilient in the face of the inevitable.

    The Verizon advantage

    We’ve been securing enterprise-level networks and infrastructure for decades. Our visibility across a large amount of the world’s traffic gives us an advantage in putting intelligence to work for you. We keep up with the rapidly changing nature of cyber threats by analyzing more than 1 million security events every day at our global network operations centers and security operations centers. And for over a decade we’ve offered our knowledge through thought leadership like the Verizon Data Breach Investigations Report .

    Are you gambling with your future?

    Read the key findings from the 2017 Data Breach Investigations Report and learn how to defend against today’s biggest cyber threats.

    Get a fresh perspective on cybercrime.

    Our new cybercrime scenarios help you understand the biggest threats you face. Strengthen your cybersecurity by learning from real-life data breaches.

    Gartner Magic Quadrant for Managed Security Services

    Find out why we’re recognized as a Leader in the Magic Quadrant for Managed Security Services, Worldwide.

    Security and Security Professional Services

    Fight cyber attacks and keep your critical assets secure with intelligence and experience.

    Speak with an expert fluent in security.

    For more than 20 years, we’ve been helping enterprises with everything from security monitoring to incident response. Contact us to see how we can help you.

    Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

    Services and/or features are not available in all countries/locations, and may be procured from in-country providers in select countries. We continue to expand our service availability around the world. Please consult your Verizon Enterprise Solutions representative for service availability. Contact us


    Categories: News Tags: Tags: , , ,

    Security test lab setup – Information Security Stack Exchange #network #security #lab

    No Comments

    #

    I want to setup a testing lab in my basement for penetration/vulnerability testing offensive/defensive security skills. I believe I have all the equipment that I need, and if I’ll need something else, I will get it. I also have Cisco routers, firewalls, and managed switches. Money and resources are not an issue. How do I setup a lab if I have one host machine and three to four guest machines? Obviously, the host is the controller, but what OS and VM do I use? With the other machines, do I use one for Backtrack, one for Snort, one for Linux distro, one for Windows OS, e.t.c. Any ideas on the structure of the setup?

    asked May 14 ’13 at 20:56

    closed as off topic by Lucas Kauffman. Adi. TildalWave. AJ Henderson. Terry Chia May 15 ’13 at 5:33

    Questions on Information Security Stack Exchange are expected to relate to Information security within the scope defined by the community. Consider editing the question or leaving comments for improvement if you believe the question can be reworded to fit within the scope. Read more about reopening questions here. If this question can be reworded to fit the rules in the help center. please edit the question.

    You may take a look at my previous answer. those are basically vulnerable systems to train on. HamZa May 14 ’13 at 21:13

    If you re just getting started, then expensive routers are probably a poor way to spend your money. They typically only play a minor role in security exploits anyway. tylerl May 14 ’13 at 21:40

    2 Answers

    So if I was you I would start relatively simply with some VMs and a host machine.

    Personally I use VMWare workstation but other virtualization products are possibilities.

    If you’ve got a decent enough machine (e.g. 8GB RAM, Quad-Core Sandy/Ivy bridge, fast disks), I’d recommend keeping the Host OS clear of lab tools or target Apps, as re-building VMs is an awful lot easier than physical kit. As to Host OS, I’d go with whatever you’re most comfortable with as long as it runs your virtualization software of choice.

    Then have a tools VM, and some targets. I’d start with Kali for the Tools VM and then have a selection of targets to attack.

    Once you’ve got the basics hanging you could start to introduce the physical systems (e.g. firewalls, routers) that you can’t easily get Virtual versions of.

    Have you thought about setting up honeypots on your network as well? They are pretty good at being able to configure ect. http://en.wikipedia.org/wiki/Honeypot_(computing)

    I have also used a few programs for VMs.

    Virtual box is one of the most common free ones (windows box). Proxmox is really common freeware that provides a lot of flexibility with virtualization via a linux hypervisor.

    Sounds like you have the rest of the hardware. If you were looking to spend money on the OS Virtualization you may want to go the VMware route. Or even HyperV if you wanted to span across different virtual platforms.


    Categories: News Tags: Tags: , ,

    San Diego IT – IT Network Support Services #it #support #services, #onsite #network #support, #offsite

    No Comments

    #

    858.202.1758

    San Diego IT | Fixed Cost Network Management

    Get your office s technology systems running like a top. Backups, system updates, storage, security, firewalls, remote access, technical support, server maintenance, system monitoring and a whole lot more. Did we mention all for a affordable fixed monthly cost.
    Read more

    San Diego IT network maintenance lets me focus on my business

    Our systems have never operated so smoothly or efficiently. The number and severity of problems and we have with our computers has decreased. I finally have a sense of relief knowing that we have an expert team on our side.
    Read more

    San Diego IT network support is always there when I need them

    Whether it is a simple issue that can be resolved remotely or something more complicated requiring onsite repair, they get it taken care of promptly every time.
    Read more

    Expert IT management for your business and unmatched support for your users. Fixed cost computer and network support for your business has never been more affordable.

    You aren’t still using tapes are you? Get the latest in backup technology in the cloud and onsite for the ultimate in backup and recovery.

    Instant support online or over the phone. Click here to connected with a technical support representative.

    San Diego IT Services

    Changing IT providers or hiring your first IT consultant can feel like a daunting task. Are they reliable? How much will it cost? Can they solve our computer issues promptly? We ll you re in luck, we can do all that and quite a bit more for a fixed predictable monthly cost. Call us now for a free no obligation onsite network assessment.

    858-202-1758