SANS Director of Emerging Security Trends John Pescatore caught up with Dr. Cole to talk with him about the upcoming SANS SOC Summit in which Dr. Cole is co-chairing.
JOHN — Security Operations Centers have been around for quite a while. Why did SANS decide to host the first SOC summit and what has been the overall response?
ERIC — Organizations are continuously getting broken into with significant amount of damage. Setting up and deploying a SOC is how to better control the overall damage. Monitoring of an organization to identify andtimely respond to attack via a SOC (Security Operations Center) is the way to help resolve this issue. As SOC's
Security is always a balance between functionality and access. The key rule we always follow is to give an entity the least access it needs while still allowing it to perform its job. With network architecture, the key is to provide proper segmentation so that user can access the appropriate data while reducing the risk of potential compromise.
If you look at the requirements for systems that reside on our network, you will probably notice that they can be grouped into several categories, according to the type of information that they contain:
- Public: These resources reside on the Internet and, from the perspective of
Exciting changes for the Securing Windows course (SEC505) with lots of PowerShell labs.
By, Paul A. Henry
MCP+I, MCSE, CCSA, CCSE, CISSP-ISSAP, CISM, CISA, CIFI, CCE, ACE, GCFE, GCFA, GSEC, GICSP, GCED, GPPA, VCP4/5, VCP-DCV (5.5), vExpert
Senior SANS Instructor - firstname.lastname@example.org
March Patch Tuesday brings 5 Critical and 9 important patches — including 2 issues that have been publicly disclosed.
Lets look at the details:
• MS15-018 Is a Cumulative Update for Windows IE that is rated as Critical — It mitigates a single CVE related issue that could provide Remote Code Execution
• MS15-019 Mitigates a Critical VBScripting Engine issue (single CVE related) that could allow Remote Code Execution
We would like to walk you through the fundamental steps of designing a basic network architecture, based on segmentation. In this example, one of the requirements for the network that we need to design is allowing internal users to access the Internet.Additionally, certain systems located on the company's network need to be reachable from the Internet, including:
- A Web server that displays information about the company and its products
- A mail server that allows the company's employees to send and receive e-mail
- A DNS server that hosts records for the company's public domain (such as "example.com")
According to these requirements,