Center for Internet Security Benchmark is Done!I've never been one of those people who bow to theorists or scoffers. Gobbledee-gook's session set up dynamic link library has a remoteable overflow... Who Cares? What code doesn't have an issue with code quality? What can you do to mitigate the vulnerability? That's the core question for me.
I haven't been blogging much because I've been incredibly busy. Fortunate enough to be asked to edit a book, teaching my usual Fall class, and last, working on the Center for Internet Security's benchmark on Check Point firewalls.
Most of you know that I like Information Security; what you may not know is that I'm a Certified Check Point Security Engineer and Administrator, thanks to passing some exams a long time ago.
For most, that makes me a 'Paper Tiger', one of those fools who trumpets academic luck in an exam as actual experience with a product and implementing it. For me, it demonstrates that I like firewalling in general and that I'm willing to go the extra mile to learn and to use Check Point products.
Willing enough to attempt to get a Check Point benchmark written and approved since 2003! Is this benchmark perfect? Not at all, but it's a great first start. So what is the point of this blog?
If you're a
driven security professional who is looking for a great organization to
associate you and your work to, Center for Internet Security is as good as they
get. The CTO is a great person with a
very wide technical background that allows him to link the layers into a
Consistent Multi-Layered Security design.
Do you think
it'd be great to help the industry establish realistic technical
baselines? Get involved. Do you desire to meet the same types of
people who find Poindextering exciting and meaningful? Join up.
Each week, you'll get a newsletter chock full of meaningful progress and
interesting URLs from the Internet.
Do you like VPN security issues? Sign up. That's our next great discussion...