Why ‘Administrator’ privileges should not be given to end users?

One of the IT security best practices in desktop usage is to run a computer with the least privilege required. This means an end user should log into his PC or laptop as a standard user and not as an ‘administrator’. This applies to both home and enterprise environments. The advantages of such least-privilege computing are listed below.

Evil 8: Mobile Security Threats

CSA (Cloud Security Alliance), a non-profit organization with a mission to promote security best practices within cloud computing, has come up with a list of ‘Top Threats to Mobility’ from a cloud-centric viewpoint. These threats, named ‘Evil 8.0’ by CSA, are listed below. Though these threats are cloud-centric, they are very relevant to all mobile end users and enterprises which are not on the cloud.

Intrusion Deception – Counter offense is the best defense

Information security mostly revolves around defense in depth. Hitherto, we have had ‘Intrusion Detection’ and ‘Intrusion Prevention’ tools and techniques. But the newest technique in securing information assets, ‘Intrusion Deception’, has turned the security concept upside down and relies on a counter-offensive ‘honey pot’ methodology to protect the information assets in an organization.

OWASP ‘Top 10 Mobile Risks’ – Part 1

OWASP (Open Web Application Security Project) has come up with a list of the top 10 risks for mobile technology. This list is in the ‘beta’ stage. The list, released on 23rd September 2011, has been under a 60 day review period and is due for a final version release any time. When released, this will be the first official version of the OWASP top 10 for mobile applications. The current list of OWASP Top 10 Mobile Risks (release candidate) is reproduced below: