Zero Trust

This morning I was interviewed on the Mike Farwell Show (CityNews). You can check the interview here @ 54:50.

SolarWinds Web Help Desk CVE-2024-28986 (rated 9.8 our of 10) is now included in CISA’s Known Exploited Vulnerabilities (KEV) Catalog, indicating its active use in cyber attacks, giving affected agencies until September 5, 2024 to fix the flaw under Binding Operational Directive 22-01. How fun.

Shared password bad. 10 billion passwords leaked. Your team installed some shadow IT remote access solution with a shared password.

You wouldn’t download a PLC, would you? Rockwell Automation alert on public access to PLC, and a Shodan search to fact check it.

This blog post explores the challenges of securing remote access to SCADA systems and how Zero Trust can act as a solution.

In this blog post, we’ll dive into the Zero Trust vs. VPN security model differences and why the former is ultimately the far superior choice for secure, seamless remote access. 

In this blog post, we’ll delve into the challenges of enabling SSH for remote access and how you can do so without compromising security through Zero Trust.

In this post, we’ll explore the limitations of VPNs and delve into how to enable Rockwell Automation remote PLC access.

Split Horizon VPN’s are used to avoid breaking video conferencing. They are unsafe. See paper for route injection issues.

What are the risks of using VPNs in water and wastewater facilities? We’ll help you answer that question and understand what to do instead.

There are many security risks of using shared credentials in water and wastewater facilities. Here’s why you should eliminate them and how to do it.

Perimeter security approaches are no longer effective. A Zero Trust Network Architecture is a powerful, modern way to protect your network from cyber attacks.

Securing your third-party vendors can help reduce the cyber risk to your control systems and improve overall industrial network cybersecurity.

This article will give you an overview of the CISA Zero Trust Maturity Model, the changes made in Version 2.0, and how it can benefit your organization.

This article will give you an overview of NIST 800-207 and the different ways your organization can implement Zero Trust to meet the guidelines.

Vendor privileged access management best practices: Access control, strong, unified authentication, fine-audit, secure access.

Single-Sign-On and Identity Providers are often treated as the same. But, the IdP facilitates the SSO. You can have multiple IdP if desired.

Identity vs Authentication. Who are you. Prove it. Related but different concepts. Ensure your IdP does not give identity when it realy means authentication.

Cybercriminals had a record year, the cost of a breach reached new highs in 2021. With clear cybersecurity goals, businesses avoid becoming a news headline.

Reconfigure a VoIP PSTN gateway remotely via Zero Trust with Multi-Factor Authentication and single-sign-on to avoid a DDoS.

e encouraged to create API keys by many SaaS tools, and, these present real authorisation challenges.