Authored by: PlexTrac Author Posted on: October 22, 2019 Prevent Unauthorized Software from Contaminating Company Networks End-users are one of the most common targets for the contamination of a Company network. These users can be easily manipulated if not well informed. Hackers use this to their advantage for personal gain of your information, or an overall sabotage of your company. This blog post clearly communicates the role of the user in preventing the introduction of unauthorized software. It also makes clear prohibitions against malicious “hacker-like” activities on Company networks for any purpose. Users should adhere to the following directives in order to ensure a preventative strategy against malware and other unauthorized software: 1. Only Let Authorized Individuals Install Software Only authorized staff or contractors, with express approval, are authorized to install or download any software. Any requests for changes to established baseline configurations of any information systems must be submitted to management or the designated representative. Staff will research potential business, security and financial impacts of the requested changes and disseminate this research to members of the Change Control Board. 2. Do Not Disable Endpoint Protection Users must never disable or suspend endpoint protection software enabled on their machines. (e.g. Windows Defender or another anti-virus/endpoint protection). 3. End Users Must Not Introduce New Code End Users must not intentionally write, generate, compile, copy, propagate, execute, or attempt to introduce any computer code designed to self-replicate, damage, or otherwise hinder the performance of any computer’s memory, file system, or software. 4. No Form of Network Monitoring is Allowed Port scanning, security scanning or executing any form of network monitoring which will intercept data not intended for the employee’s host is expressly prohibited. 5. No Interfering with or Denying Service to Other Users Interfering with or denying service to other user, or using any program/script/command, or sending messages of any kind, with the intent to interfere with, or disable, a user’s terminal session, via any means, locally or via the Internet/Intranet/Extranet is expressly prohibited. PlexTrac Author At PlexTrac, we bring together insights from a diverse range of voices. Our blog features contributions from industry experts, ethical hackers, CTOs, influencers, and PlexTrac team members—all sharing valuable perspectives on cybersecurity, pentesting, and risk management.
From Friends Friday to Black Hat Europe: What Security Teams Should Focus on Next Software supply chain vulnerabilities are becoming one of the most unsettling challenges in modern cybersecurity with increasingly creative attackers. To explore these issues, our founder, Daniel DeCloss, sat down with Jonathan Leitschuh, an open source security researcher known for uncovering high-impact vulnerabilities, advancing responsible disclosure practices, and pushing the industry toward more secure-by-default software. READ ARTICLE
The Missing Link Between Pentest Findings and Fixes Why Every Security Program Needs a Mobilization Coordinator Pentests rarely fail because testers miss something critical. In fact, that part usually goes pretty well. The breakdown almost always happens after the report is delivered. Findings sit untouched. Some get half-fixed. Others disappear under the weight of sprint deadlines, operational noise, or the vague hope that... READ ARTICLE
The Automation Imperative: Why Pentest Delivery Must Catch Up With Continuous Testing Security feels a lot like Whac-A-Mole these days. Between cloud-native architectures, microservices, APIs, and rapid deployment cycles, cybersecurity threats are constantly popping up and redefining how software is built and delivered. Yet penetration testing, which is a proven method for identifying exploitable weaknesses, remains a point-in-time snapshot.In some cases, annual penetration tests don’t even happen.... READ ARTICLE