Alfred Hall

Sign in

CyberSecurity Strategy

To enforce an effective CyberSecurity policy, company executives need a crisp and concise view of their cybersecurity landscape. An incomplete view of CyberSecurity issues results in the inability of the executives to adequately support their IT Ops / SecOps teams who are tasked with enforcing your CyberSecurity technical policy and regulatory compliance. Without visibility, your CyberSecurity strategy is at risk.​

Lack of visibility means that you are enforcing a ‘best-effort’ CyberSecurity program, unable to understand the scope of work required, let alone prioritize tasks as the full extent of your CyberSecurity landscape is unknown. …

One of the weaknesses in Active Directory and Windows environments that has been widely discussed but often overlooked in practice is the handling of System Administrator users and passwords. The short story is: For a compromised computer, we can essentially assume that an attacker can steal password credentials and hashes which is sufficient to remotely control other machines (pass the hash weakness in Windows). Thus for example, if a Domain Admin logs into a compromised conference computer, the attacker can easily collect the password hash and use to access any other computer on the network, including other computers.

What can…

Oracle databases

Oracle databases like most other things come out of the box with default configuration, for example there are default passwords in place and sample users and databases if you have not be super careful in the installation process. When operating a number of Oracle databases the team faces the following challenges:

  • Lack of visibility of the databases on the network.
  • Hard to remember which versions of oracle each database is running.
  • Hard to remember if the databases are configured differently and in what way.
  • Developers often spin up new up new database instances for testing.

Nanitor solves this problem by…

Alfred Hall

CTO of the Nanitor CyberSecurity solution focused around Vulnerabilities and Security Configurations

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store