Tech Tips from the Castle


In the ArcSight SIEM, the ESM, all content should start with a Filter. When making content such as an Active Channel, Query or Rule, always reference Filters in the Conditions and Filter tabs. Even a Filter should start with a Filter, when possible.

This important principle makes ArcSight content m...



Kanye West is certainly all over the news these days. With today being World Password Day, it got me thinking how he could play a role in cybersecurity. And that contribution? Passwords. Confused? Let me explain.

A problem with passwords is that we have waaay too many to remember. Secondly,...



Keeping the Wolves at Bay

April 18, 2018

The old biblical adage to “beware of the wolf in sheep’s clothing” in many cases applies to system administrators. Unfortunately, their mission sometimes conflicts with the security department. They must provide computing resources to users and they want to do it as quickly as possible. Bus...



High value targets are resources that would be of great interest to people who should not have access to them.

These might be folders containing compensation information, the email mailbox of the CEO, or the database containing the credit card numbers of your customers. Knowing where that data is...



Stay Away from the DUPs

March 20, 2018

We call them DUPs (rhymes with pups) and we are not referring to duplicates. What we mean are Direct User Permissions.

In the Microsoft world of CIFS shares you can provision access to folders in three ways: direct user permissions, Active Directory groups, or through built-in groups such as A...
