Get-Winevent Part IV: Querying the Event Log for 'Filtering Platform Connection' Information (Part A)

The command:'auditpol /set /subcategory:"Filtering Platform Connection" /success:enable /failure:enable'enables the "Filtering Platform Connection" security counter on Windows 7. The "Filtering Platform Connection" gives your event logs access to the following counters:Filtering Platform Connection           Success and FailureObject Access Filtering Platform Connection 5150 The Windows Filtering Platform has blocked a packet. Windows 7, Windows Server 2008 R2Object Access Filtering Platform Connection 5151 A more...

Read More

Clowns Base Key Financial Rate on Feelings, Not Data

If you've been reading this blog for a while, you know I don't think very highly of mathematical valuations of "risk." I think even less highly of the clowns in the financial sector who call security professionals "stupid" because we can't match their "five digit accuracy" for risk valuation. We all know how well those "five digit" models worked out. (And as you see from the last link, I was calling their bluff in 2007 before the markets imploded.)...

Read More

Salvaging Poorly Worded Statistics

Today I joined a panel held at FOSE chaired by Mischel Kwon and featuring Amit Yoran. One of the attendees asked the following: At another session I heard that "80% of all breaches are preventable." What do you think about that?My brief answer explained why that statement isn't very useful. In this post I'll explain why. The first problem is the "80%." 80% of what? What is the sample set? Are the victims in the retail and hospitality sectors...

Read More