Packet Pushers
Practical conversations at the intersection of security and networking
Total 41 episodes
PP040: Personal Privacy Tools
Surveillance is a fact of life with modern technology, be it corporate data harvesting or government snooping. If you’re thinking about personal privacy, today’s episode covers common tools for communication and Web browsing. We dig into the end-to-end encryption capabilities of the messaging tools Signal and WhatsApp, look at the capabilities and limits of the... Read more »
32:11 | 19/11/2024
PP039: Securing Active Directory from a Pen Tester’s Perspective
Microsoft’s Active Directory and Entra ID are valuable targets for attackers because they store critical identity information. On today’s Packet Protector, we talk with penetration tester and security consultant Eric Kuehn about how he approaches compromising AD/Entra ID, common problems he sees during client engagements, quick wins for administrators and security pros to fortify their... Read more »
46:36 | 12/11/2024
PP038: A Peek Inside the Security Mind
Security professionals often have an impulse to want to move on to the next new thing. While that can be helpful in a field that thrives on change, it can also make it hard to focus on routine tasks and mundane (yet essential) security controls and practices. Whether this impulse is due to varying degrees... Read more »
39:59 | 05/11/2024
PP037: From Supply Chain Security to Post-Quantum Cryptography – Live from XFD!
This episode was recorded live at Security Field Day (XFD) 12 in October, 2024. As delegates at the event, JJ and Drew heard presentations from DigiCert, Dell Technologies, SonicWall, and Citrix. These presentations covered topics including digital certificate management, post-quantum cryptography, supply chain security, recovering from ransomware, Zero Trust Network Access (ZTNA), and Secure Service... Read more »
30:47 | 29/10/2024
PP036: News Roundup – NIST Nixes Password Resets, Cargo Crane Espionage Risks, Municipal Govs Targeted, and More
Today’s Packet Protector rounds up recent security news, including revised password guidelines from NIST, a White House push to help fill infosec jobs, and potential espionage risks from Chinese-made cranes being used at US ports. We also cover a hospital data breach that leaked nude patient photos, discuss why municipal governments are rich targets for... Read more »
34:05 | 22/10/2024
PP035: What IT Should Know About Securing Industrial Systems
Industrial Control Systems (ICS) and Operational Technology (OT) used to stand apart from traditional IT. But those worlds are converging, and IT pros, including infosec teams and network engineers, need to become familiar with the operational challenges and quirks of ICS/OT systems. On today’s Packet Protector, guest Mike Holcomb demystifies ICS and OT for IT... Read more »
47:31 | 15/10/2024
PP034: Driving Security and Network Assurance with Juniper Networks (Sponsored)
Today on the Packet Protector podcast we talk with sponsor Juniper Networks about how to simplify the complexity that affects network and cybersecurity teams alike. From tool sprawl to floods of data, complexity bedevils operations and troubleshooting. We talk about what Juniper brings to the table for networking and security professionals to help them do... Read more »
37:04 | 08/10/2024
PP033: AI and Machine Learning 101 for Cybersecurity
The terms “AI” and “machine learning (ML)” get thrown around pretty regularly in IT and cybersecurity. On today’s Packet Protector we get an introduction to AI and ML to help you ask the right questions when vendors tout their latest AI-infused products. Our guest is Jeff Crume, a distinguished engineer and cybersecurity architect at IBM.... Read more »
46:21 | 01/10/2024
PP032: Unpacking RPKI for BGP Security
Today on Packet Protector we get into BGP security. BGP is an essential protocol for directing traffic across the Internet, but it wasn’t designed with bad actors in mind, not to mention plain old configuration mistakes. Without additional controls in place, BGP is susceptible to issues such as route leaks and route hijacks that can... Read more »
36:59 | 24/09/2024
PP031: Cloud Firewall Architecture Essentials
Today on Packet Protector we look at cloud firewall architectures. If you’ve deployed firewalls in the campus or a data center, it’s useful to know that there are differences in the public cloud. We’ll dive into what you need to know, including deployment options, the role of high availability in public cloud, selecting the right... Read more »
33:41 | 17/09/2024
PP030: Volt Typhoon On the Attack, Starlink Joins the Navy, and More Security News
Today’s Packet Protector is an all-news episode. We cover the Volt Typhoon hacker group exploiting a zero-day in Versa Networks gear and a multitude of vulnerabilities in Zyxel network products. We also debate whether Microsoft’s endpoint security summit will be more than a public relations exercise, a serious backdoor in RFID cards used in offices... Read more »
33:15 | 10/09/2024
PP029: Translating Security Objectives into Business Outcomes
On today’s Packet Protector we talk about how to talk about security objectives in ways that resonate with business and non-technical leaders in your organization. Tying security objectives to business outcomes can help you maintain (or increase) budgets, build trust and credibility with executives, and better align your risk management efforts with the organization’s broader... Read more »
55:22 | 03/09/2024
PP028: Can SecOps and NetOps Work Together?
IT tends to divide itself by job function and technological specialization, especially as technology gets more complex. However, each IT domain is part of a larger system, and these systems require coordination and cooperation to operate effectively. On today’s Packet Protector we look at how and why Security Operations (SecOps) and Network Operations (NetOps) should... Read more »
50:10 | 27/08/2024
PP027: How Wi-Fi Positioning Systems Enable Mass Surveillance
Smartphones use Wi-Fi based Positioning Systems (WPSes) to collect data about nearby Wi-Fi access points and other wireless devices to help determine the phones’ geographic location. Researchers at the University of Maryland show how WPSes from Apple and Google can be used for mass surveillance of access points and, potentially, owners and users of those... Read more »
47:45 | 20/08/2024
PP026: Security Considerations for Working from Anywhere
Remote work is now a norm. And whether it’s a day or two at home every week, or relocating overseas so you can log in to the office from an Italian piazza or a beach in Thailand, there are lots of opportunities to do our jobs outside traditional workplaces. On today’s Packet Protector, we look... Read more »
43:25 | 13/08/2024
PP025: Wi-Fi Security Part 2 – Listener Q&A
On today’s Packet Protector we answer listener questions about Wi-Fi security with guest Stephen Orr. Stephen is Chair of the Security Technical Task Group for the Wi-Fi Alliance and a Distinguished Solutions Engineer at Cisco. Questions include what recommendations Stephen would make for using multiple SSIDs vs. role-based device segmentation, what he sees as the... Read more »
33:51 | 06/08/2024
PP024: Considering Resiliency in a Time of Global Outages
In the wake of one of the largest global IT outages, resiliency is the theme of today’s show. We dig into the CrowdStrike debacle as well as an Azure outage that kinda flew under the radar. We also look at the Resiliency Planning Framework Playbook from CISA and other frameworks for building resilient infrastructure. We... Read more »
37:33 | 30/07/2024
PP023: Wi-Fi Security Part 1 – Unpacking Vulnerabilities and Exploits
From an SSID confusion exploit to a RADIUS attack to a critical vulnerability in a Windows Wi-Fi driver, the past several months have seen multiple attacks and exploits targeting the wireless realm. On today’s Packet Protector podcast we talk with Wi-Fi security expert Stephen Orr to get his take on the severity of these issues,... Read more »
43:46 | 23/07/2024
PP022: Inside an Equipment Test Lab
Third-party test labs can help buyers make decisions about which products to purchase. While a testing lab can’t mimic the conditions of your specific production environment, it can assess a product’s fundamental capabilities and measure throughput, performance, and–in the case of security devices–effectiveness against a test suite of malware or attack techniques. On today’s episode... Read more »
47:11 | 09/07/2024
PP021: Critical Vulnerabilities, AI-Assisted Scams, Compromised VPNs, and More Security News
It’s an all-news episode for this week’s Packet Protector podcast. We cover critical vulnerabilities in the MOVEit file transfer software and in thousands of ASUS routers, and a remote code execution vulnerability in a Windows wireless driver that you really should patch. We discuss a Wall Street Journal article about how AI tools are helping... Read more »
36:42 | 02/07/2024
PP020: Dropping the SBOM: The Software Bill of Materials and Risk Management
If you care about nutrition, you check the ingredients of your food. If you care about your IT infrastructure, you check the Software Bill of Materials (SBOM) of the tech. At least that’s the future that Thomas Pace hopes for. Right now, SBOMs aren’t super common and software transparency is very low. Thomas walks us... Read more »
35:29 | 25/06/2024
PP019: The God Accounts: Cloud IAM
Today we discuss how to secure your all-powerful root accounts on the three major public cloud providers: AWS, Azure, and GCP. Our guests today, Ned Bellavance and Kyler Middleton from the Day Two Cloud podcast (soon to be Day Two DevOps podcast), describe the struggle of securely managing several root accounts at once. They take... Read more »
00:00 | 18/06/2024
PP018: RSA Recap, Including a View from the Event SOC
Drew and JJ have recovered from the overstimulation of the RSA expo floor and are ready to discuss their takeaways from the conference. They discuss the surprising emphasis on microsegmentation and storage backups, and the not-so-surprising focus on IoT security and AI-assisted products. They also pull back the curtain on what the conference’s own SOC... Read more »
00:00 | 11/06/2024
PP017: What’s the Matter? Understanding the Matter Protocol
Matter is an IoT protocol that has security and interoperability baked into it. Steve Hanna, the chair of the Product Security Working Group in the Connectivity Standards Alliance, joins the show today to walk us through this IP-based protocol for smart home devices. He compares Matter to an armored car, delivering a valuable payload securely... Read more »
00:00 | 04/06/2024
PP016: Tabletop Security Exercises: D&D for Grown-ups
Tabletop security exercises can help organizations game out their response to a security incident. From the technical and business considerations to legal and PR implications, a tabletop exercise, like Dungeons and Dragons, lets you play-test attack and defense scenarios. Johna Till Johnson, CEO of Nemertes consulting firm and co-host of the Heavy Strategy podcast, joins... Read more »
00:00 | 28/05/2024
PP015: Zero Trust Architecture: Because You Can’t Trust Anybody Any More
Zero trust is a buzzword, but what does it actually mean and how will it impact network engineers? Jennifer is here to get us up to speed. First, she gives a general description: It’s a security architectural strategy that’s progressing toward increased observability and trust inferences. Then she breaks it down for the three main... Read more »
42:09 | 21/05/2024
PP014: Good Threat Hunting
Have you ever noticed “threat hunting” in vendor products and wondered exactly what it means? James Williams is here to explain: Threat hunting is the R&D of detection engineering. A threat hunter imagines what an attacker might try and, critically, how that behavior would show up in the logs of a particular environment. Then the... Read more »
33:01 | 14/05/2024
PP013: Untangling Managed Security Services
What’s the difference between cybersecurity “as a service” vs. “managed” vs. “hosted”? And what’s the difference between an MSP and an MSSP? In this episode, JJ helps untangle the terms and concepts in cybersecurity offerings. She explains what questions you should ask vendors to make sure you’re picking the right one for your needs; negotiating... Read more »
42:48 | 07/05/2024
PP012: Planning for a Post Quantum Cryptography World
The classical encryption algorithms that currently undergird our IT infrastructure will be broken once there’s a powerful and stable enough quantum computer to do the job. Quantum-resistant algorithms are being developed by NIST, but implementation and deployment of these algorithms still have to be addressed. So what does all this mean for busy IT and... Read more »
40:58 | 30/04/2024
PP011: IoT Protocols: Detection and Protection
IoT devices are often like the tiny aliens in the locker in Men in Black: They’ve created a whole little world on your network without almost any humans knowing they exist. Today Troy Martin joins the show to teach us the basics of how to find and secure IoT devices on your network, specifically focusing... Read more »
46:50 | 23/04/2024
PP010: CISA’s Cyber Incident Reporting Law: What You Need to Know
The US government is seeking comment on a new law mandating detailed cyber incident reporting. In this episode, we cover what you need to know about the “Cyber Incident Reporting for Critical Infrastructure Act.” We break down the details, including what kind of companies the law applies to, what it defines as an “incident,” and... Read more »
37:27 | 16/04/2024
PP009: Don’t Forget the Firmware
If your approach to firmware is that you don’t bother it as long as it doesn’t bother you, you might want to listen to this episode. Concerns about supply chain vulnerabilities are on the rise and for good reason: Attackers are targeting firmware because compromising this software can allow attackers to persist on systems after... Read more »
41:44 | 09/04/2024
PP008: Dishin’ Up Cloud SLAW (Security Lab A Week)
Learning cloud security can be daunting for experienced network engineers, much less complete newbies. That’s why Rich Mogull started “Cloud Security Lab A Week,” aka Cloud SLAW. Every Thursday, he emails subscribers a new hands-on lab, building a full enterprise deployment week-by-week, step-by-step. Rich explains all the details to JJ and Drew including the cost... Read more »
00:00 | 02/04/2024
PP007: IPv6 Security Essentials
You’re already running IPv6, even if you don’t know it yet. Your remote users are using it at their homes, your printers come with it built into the kernel, your generals are using it on their mobile phones (check out our news headlines section). So let’s stop trying to disable it whack-a-mole style, and start... Read more »
53:04 | 26/03/2024
PP006: Effective Security for Small IT Shops
This episode is for IT professionals who work in small- to medium-sized businesses and are expected to handle cybersecurity on top of issues like “my camera isn’t working on Zoom.” Guest Joe Stern has been filling this role for an 80-person company for almost 30 years. We talk about how he prioritizes risks, security tools... Read more »
49:11 | 19/03/2024
PP005: Red, Blue, Purple: Choosing the Right Teams for Security Testing and Defense
According to Bryson Bort, you can build higher metaphorical fences, electrify them, and have sharks with laser beams prowling the moat, but attackers are still going to get through the security perimeter. That’s why the priority of any IT team should be to identify anomalies and anticipate attack logic. To do this, organizations need to... Read more »
43:23 | 12/03/2024
PP004: Exploiting Vulnerabilities, Not Customers: How to Pick Good Pen Testers
When you’re picking a penetration tester to poke at your security infrastructure, how do you know if you’re picking a good one? Is pen testing even the right service for your needs? Pen tester, SANS course creator, and OWASP board member Kevin Johnson joins the show to share tips for what to look for in... Read more »
49:29 | 05/03/2024
PP003: An Insider’s Look At Security Certs
What are the best cybersecurity certs to get? Do advancements in cloud and AI mean security professionals need to re-skill? How do certifying organizations decide what new courses to create? Chief Curriculum Director and Faculty Lead at the SANS Institute, Rob Lee, joins Jennifer “JJ” Minella and Drew Conry-Murray to give an insider’s view on... Read more »
54:17 | 27/02/2024
PP002: The Tricky Biz Of Secrets Management
Today we look at secrets management and privileged access management from the perspective of a network engineer. How do you and your team securely store sensitive data including passwords, SSH keys, API keys, and private certificate keys, while still being able to work nimbly? What Privileged Access Management (PAM) practices can help put guardrails in... Read more »
36:58 | 20/02/2024
PP001: WPA3: Everything You Wanted To Know But Were Afraid To Ask
It’s time to make the switch from WPA2 to WPA3. We cover how to do it and what migration challenges to be prepared for no matter what WLAN you are dealing with (open, passphrase, or 802.1x). We also discuss what features make WPA3 an improvement over WPA2, particularly the replacement of PSK with SAE.... Read more »
31:59 | 13/02/2024
Join Us For Packet Protector, A New Cybersecurity Podcast
Hi, I’m Jennifer Minella and I’m excited to finally share with you all that I’ll be co-hosting a new podcast on the Packet Pushers network. It’s called Packet Protector, a podcast exploring the intersection of networking and security. Each week, we’re drilling into topics, from wired and wireless network security to access control and zero... Read more »
00:45 | 02/02/2024