News & Publications

The So-Called Intel Bug

Two named bugs dropped on January 3rd, both concerning the way modern CPUs work. Nearly all Intel hardware from approximately the past 25 years is affected. The Meltdown and Spectre bugs are severe, and organizations will need to address the specific and pervasive risk of information leakage and take specific mitigation measures.

Best practice Audit Policies - Windows OS

When configuring Windows to write audit logs for your SIEM, consider the following policies as a way to improve value over volume in your logging.

Set It and Forget It...Fail.

You’ve set up your SIEM, you have logs flowing and a report or three. You are done, right? You don’t need to look at it every day, right? You can just check it on Friday on the way home, right? It emails you an alarm, so you are done, right?

Early Thoughts on Krak

The news is coming out today about a core protocol-level flaw in WPA2-PSK named "KRAK" [a forced acronym for Key Renegotiation AttacK, the method by which connections can be compromised].

Our Thoughts On The Equifax Breach Of 2017

Cross Posted from Net Friends

Castra has been asked by several of our customers what they should do to respond to one of the biggest data breaches ever, the Equifax Breach of 2017 that resulted in the potential loss of sensitive information that could be used for identity theft, impacting just under half of the entire US population, or 143 million people.

How Does The Equifax Incident Compare to Other Data Breaches?

Cross Posted from AlienVault

The Equifax data breach news which broke last week was a bit of a shocker. About 143 million Americans were affected, which is most of the US adult population, and an unknown number of Canadians and Britons. The leaked data included some highly sensitive information including social security numbers, home addresses and credit card numbers.

How to Protect Your Business from a Cyber-Attack

Cross Posted from ITProPortal

In today's digital world, cyber attacks are inevitable and businesses must protect themselves accordingly.

Cleanrooming Legacy Systems

The WCry worm threw into sharp relief how quickly the turnaround between exploit announcement and the use of said exploit in a high-profile attack can be: a vulnerability patched in March, with a public exploit shown in April, was used worldwide in early May.

Network Segmentation

Network segmentation is the practice of dividing a formerly 'flat' network [where every device can contact every other device] into a series of segments that have restricted communication between them.

Egress Filtering

Egress filtering addresses two situations: an attacker seeking to sniff internal traffic that may be leaking outside the gateway, and the so-called C2 traffic generated once an attacker has succeeded in infecting a system, which egress filtering blocks [and can potentially notify you of]. Once egress filtering is put in place, your network will be far safer, and a much harder target for most attackers.

Happy Patch Tuesday

In today's batch of patches from Microsoft, there are several very important vulnerabilities, but there is one that is specifically critical for users of AlienVault installations.



Confused about IDS? Do you wish three experts were just sitting around willing to answer questions about it? Well push policy and sit back because it just happened! Get your questions answered in this "Ask the Experts" Google Hangout. We’ll start off with the basics like implementation: How much IDS do I need? Where do I install it? What can’t IDS do?

AdBlocking and Adblocker Blocking

Most people are familiar with the notion of an adblocker. It's pretty much what it says on the label: a program that blocks ads from showing. They may not, however, be entirely familiar with how adblockers work or what the best kind of adblocker for their use might be.

Default Credentials Considered Harmful

The use of default credentials by vendors is an outdated, dangerous throwback to 20th century practices that has no business being used in today's world. It is this specific antique practice that is directly responsible for the existence of the record-breaking denial-of-service botnet recently used to censor Brian Krebs and the similar attack on OVH - these botnets only exist because default credentials were implemented on devices, in flagrant violation of best practices when building appliances.

Shadyware - Fuzzy and Grey like a Cat, not a PUP

I’d like to pose a question: What's the difference between malware and legitimate software? The line between malware and legitimate software can sometimes be a very fuzzy and grey one.

Password Paste Prevention: Security Friend or Foe?

Password managers help secure the sites that allow them to be used – providing protection from both their own users, who historically choose weak credentials when forced to memorize them, and from the users' other accounts on other sites that might have been breached. If this functionality offers so many benefits, why would any site want to disable password managers?

Ultrasound Tracking Beacons Making Things Sort of Creepy For Consumers

Ultrasound is supposed to be our friend. However, the security world was made aware last week of a technology being used by an outfit named "SilverPush" that is utilizing a new and unusual method for tracking mobile phone users with ultrasound signals.

The Ethics of Adblocking

Adblocking is becoming a more and more contentious topic in recent days. Publications, understandably, do not want people to block ads - they derive much of their revenue from them. Users find them to be intrusive and often feel that they impede their usage of a site; and, given the recent meteoric rise of malvertising, ads can often become downright dangerous. Where is the balance between the desires of publishers and the safety of users?

Beginner’s Guide to IDS, IPS and UTM - What’s the Difference?

White Paper

There is often a lingering and general confusion over the acronyms IDS and IPS, and how they are like or unlike UTM software modules. Everyone likes primers and simple descriptive definitions; so let’s take a look at IDS, IPS and UTM through that lens.