"Audit finding: Enable email scanning in Windows Defender must be enabled." Yeah except this setting hasn't done anything since Office 2003.
-
-
I spend most of my time running DoD networks and have never heard this particular criticism of FIPS. I’m sure it’s just ignorance on my part. Any supporting docs for me to look at? (I have a system with trouble enabling FIPS on a DoD network and this can help get it waived)
-
Remember Heartbleed? Vendors enforcing FIPS-validated crypto couldn't fix for days (until the patched OpenSSL made its way through CMVP). Vendors who didn't have to enforce validated FIPS could fix in hours.
-
-
Actually, don’t implement STIG at all, first update your computers and 3rd party software, remove everyone from Domain Admin, implement LAPS, then pick and choose @CISecurity baselines based on your network.
-
-
-
(I used to audit installations vs the STIGs a while ago when I worked for DISA) The Windows STIG in particular was never something that was meant to be fully implemented. Blindly turning them all on will not leave you with a usable system.
-
Why was it like that? The auditor has to tailor the findings?
-
-
As somebody who has to use FIPS in production all the time I fully concur. Unless you are forced by a regulatory body to turn on FIPS do not turn on FIPS.
-
-
-
-
The idea is simply to avoid doing important crypto with the equivalent of ROT13 or RSA with known-bad primes, etc. In the meantime the commercial space caught up to and surpassed gov't standards so FIPS now has the effect of holding gov't back instead. :(
-
-
-
FIPS: The certification you gotta have that no one uses.
-
-
-
On the client side, helps you find unpatched RDP stuck using TLS 1.0 or printers.
Also I like how masscan prints negotiated TLS protocol with banner option so you can differentiate between “Supported” and “Used”. What would break with TLS 1.2 only became known quickly.