ON COMMUNITY
Some few of us, primarily in consultancy and professional services, are in the position to work in a place surrounded by other Information Security people, but for most of us the ratios are a little different. To speak from personal experience, at my previous company there were 6 of us out of a total IT staff of about 170. Based on conversations with others, my experience seems somewhat typical, or maybe even high. Currently the ratio is a little skewed since I am the information security staff, although we are admittedly a small company. Being part of such a small team means it can be awfully hard to keep from falling into familiar patterns.
WHAT'S UP WITH THE HIPAA RETENTION SCHEDULES?
For much of my professional career I have been what I like to call “health care adjacent”. Meaning, my department has HIPAA responsibilities, but I personally was only partially involved in them. I was around for conversations around protecting PHI, e- or otherwise, and was sometimes called in as a technical resource for addressing specific controls, but I was never in a situation where I really needed to know shit about the standard. One truism that everyone involved clearly knew was that records retention was a nightmare. We had a hard requirement of a 7-year minimum for anything related to patient data, whether the patient’s electronic chart or firewall logs for the network segment that housed HIPAA covered servers.
USING OFFICE 365 AS A SMART HOST WITH POSTFIX
Since writing this post I’ve learned a better way. If you’re using a personal account or only need to relay 1 server, the below may be sufficient. If you’re managing more than one server and can manage your Office365 domain, please see my updated post Better Use of Office 365 as a Smart Host with Postfix.
SSL CHAIN CERT FUN WITH NESSUS
Pulling back from the archives, this is a repost of a previous blog post. This time ripped from a guest spot at The Security Stack Exchange Community Blog.
MY NOT SO FANCY .SCREENRC
Some number of days ago my dear Wesley put out the call, absolutely begging for our Best .screenrc Files. While mine is very simple, it hits all my special points. First the config, then the explanation.
MISADVENTURES WITH TCPDUMP FILTERS
Pulling back from the archives, this is a repost of a previous blog post. This time ripped from a guest spot at The Security Stack Exchange Community Blog.
BASE RULESETS IN IPTABLES
Pulling back from the archives, this is a repost of a previous blog post. This time ripped from a guest spot at The Security Stack Exchange Community Blog.
FIGHTING NFS MOUNTS AT BOOT TIME
Pulling back from the archives, this is a repost of a previous blog post. This time ripped from a guest spot at The Nubby Admin, a fantastic blog from a fellow tech nerd.
WHY IS CHANGE MANAGEMENT HARD?
No matter how much we hope otherwise, the foundation of any security program is consistent, actually used procedures. This means figuring out what we need to be doing, sketching out how we think we should be doing it, finding out we were totally wrong and misguided in thinking we could do it that way, then editing it into something that actually works.
A BRIEF INTRODUCTION TO AUDITD
Pulling back from the archives, this is a repost of a previous blog post. This time ripped from a guest spot at The Security Stack Exchange Community Blog.