SECTION 9 Cyber Security


Information Security is the name of the game. Don't let the hackers win!

10:20 | Nov 25th

We’re running away to Hawaii for a week. What do we do with our systems? Something to think about when you’re IT team is just two people. Just like everything else we do here at Section 9. We need to plan for this.

18:13 | Nov 18th

The Microsoft Azure tutorial we’ve been following is more work than we thought. Accessing the Windows server 2016 VM in Azure is tricky. They want this directly connected to the internet with RDP wide open. That might work for testing. That’s not goi...Show More
Get the best podcast recommendations in your inbox every week. 😎

18:27 | Nov 11th

Thanks to Jack, a listener of the show, we’re looking at Azure pricing. What are we paying for? We’re not sure. Microsoft says they’re being transparent with Azure pricing. I’m not sure sure about that.

17:22 | Nov 4th

More Azure! We’ve added a custom domain and configured a password rest option. We’ve also made Dorothy an owner of the Azure subscription. It took a bit of research to get this done. The tutorial is good, but it doesn’t cover everything. We still hav...Show More

19:22 | Oct 28th

Time to learn about Azure. Last episode we talked about Azure Active Directory Federated Services. What we really want is Azure AD DS.

30:35 | Oct 21st

We’re looking into new technology like Azure AD FS. Before we can start new projects, we need to get the operational side of things in order. We’ve done a good job of clearly defining a patch management process. It’s time to work on change, incident ...Show More

15:34 | Oct 7th

Are fancy security solutions like Palo Alto firewalls, ExtraHop or LogRhythm going to keep you secure? By them selves, no. It doesn’t matter what the vendor says. There’s no such thing as a security solution that magically saves the day. A good solid...Show More

23:20 | Sep 24th

How do we do section 9 projects, keep systems running, and record a weekly podcast while having full time jobs? We need the right combination of tools and process.

16:07 | Sep 23rd

Time to talk about the new job. Can’t say much yet. I start this coming Tuesday. I can say that what they offered was too good to believe. They want to do the things we talk about on the show. Proper planning, management, documentation. They even tal...Show More

26:00 | Sep 16th

Time to start securing systems and software. To do that, we’re using the CIS benchmarks. These are configuration guides for things like Windows 10 and BIND 9. The two things we’re focusing on. We have to start somewhere.

28:59 | Sep 9th

Are we going in the right direction? Are we doing the things we said we would? Time for a quick review. Overall, we’re doing pretty good. There are a few things we need to work on. That’s okay. Now’s the time to figure that out. We still have a long ...Show More

27:26 | Sep 2nd

We found a couple of vulnerabilities during our weekly patch review. According to Automox, we needed to update Google Chrome and Microsoft’s .NET framework. This lead to a discussion about patching early. Don’t panic. Make a plan before you do anythi...Show More

27:02 | Aug 26th

We’ve got a Synaccess network connected power strip. Devices like this aren’t built with security in mind. Is this device a security issue? Should we be concerned? Could a hacker access this device?

15:17 | Aug 19th

We have business & tech issues to deal with. On the business side, we have some basics to take care of. It’s part of doing business. On the tech side, we’ve decided to focus on Risk Assessments. We’re conducting two kinds. A quick critical controls a...Show More

16:58 | Aug 12th

It’s official! We can say we’ve double checked our patch process. It’s quick and easy. We still have to double check our 3rd party apps. We’re hoping to start that process before the end of the month. Remember, patching is one of the most important...Show More

15:39 | Aug 5th

I finally downloaded, installed and tested Nessus Essentials. It worked out better than I expected. While it does have some limitations, it found Vulnerabilities on our servers. It’s another tool for the tool box. This version is free.

30:12 | Jul 29th

What I thought were Automox issues turned out to be our issues. We go over the good and the bad. We’re a few steps closer to a good patch management process.

22:06 | Jul 22nd

There’s only two of us here at Section 9. Deploying and using LastPass was relatively easy. What about using it in an enterprise environment with hundreds of workstations and laptops? That’s the real challenge. What features are we going to use? How ...Show More

20:45 | Jul 15th

We’ve got a patch management process. It isn’t perfect, but It’s a start. That’s way better than some organizations. What’s next? Testing it on Patch Tuesday.

17:35 | Jul 8th

After migrating to smaller, cheaper servers on DigitalOcean, I realized we need a new management process. We need a checklist that says do these 10 or 15 things. We’re starting the conversation. We hope to have this figured out soon.

32:38 | Jul 1st

Time to start thinking about secure configurations. What is a secure configuration? What gets configured? How do you manage them? This is just the beginning!

24:01 | Jun 24th

We’ve got a HIPAA correction to make, BIND 9 changes, & a new help desk solution called Jitbit.

17:56 | Jun 17th

In this episode we talk about patch Tuesday, An issue with Automox, & HIPAA compliance. We also have a bit of interesting news. We might have our first client. There’s a minor issue. They asked about HIPAA compliance. We’re not HIPAA experts. However...Show More

32:17 | Jun 10th

The city of Baltimore wasn’t patching. They got hacked. One million systems connected to the Internet are vulnerable to BlueKeep. Why haven’t these systems been patched? When will they be hacked? Not patching could lead to you or your organization...Show More

24:02 | Jun 3rd

The City of Baltimore was hit by Ransomware. We go over some of the details, including an unpatched vulnerability from 2017.

22:03 | May 27th

I finally took a look at the Verizon Data Breach Report. If you haven’t read it, do it now. This report helps you understand how the hackers are getting in. You need to know how they get in if you want to plan for prevention and detection.

26:50 | May 20th

With the help of Automox, we survived patch Tuesday. We know all of our Windows systems are patched. This process wasn’t seamless. It required a few more mouse clicks than we expected. I’ll take a few more mouse clicks over manually patching any day.

36:37 | May 13th

Automox is a cross platform patch and configuration management solution. This thing is awesome. We patched an Ubuntu workstation and 3 Windows 10 systems. We even installed notepad++ on a couple of Windows 10 systems. All this was done from Automox.

25:25 | May 6th

The first three critical security controls might seem simple, but they’re not. For those that have a hand full of devices, they can be simple. For those that have more than a hand full, they can be difficult to implement.

20:12 | Apr 29th

As the title says, we’ve come up with a security program that works for everyone. For some, this is it. For others, this is a place to start. We’re basing this on the first three CIS controls. We’re also using the new implementation groups in versi...Show More