One of the IT security best practices in desktop usage is to run a computer on the least privilege required. This means, an end user should log into his PC / laptop as a standard user and not as an ‘administrator’. This is applicable to both, home and enterprise environment. The advantages of such least privilege computing are listed below. Continue reading “Why ‘Administrator’ privileges should not be given to end users?”
Selection of cloud service provider made easy
Cloud computing has started gaining momentum. More and more organizations are moving to the cloud by the day. While doing so the user organization (tenant) will have to ensure that the cloud service provider has the capability to meet the tenant’s requirements in terms of data security, availability, compliance, scalability and convenience. Continue reading “Selection of cloud service provider made easy”
Evil 8: Mobile Security Threats
CSA (Cloud Security Alliance), an non-profit organization with a mission to promote security best practices within cloud computing, has come up with a list of ‘Top Threats to Mobility’ from a cloud centric view point. These threats, named as ‘Evil 8.0’ by CSA, have been listed below. Though, these threats are cloud centric, they are very relevant to all mobile end users and enterprises which are not on the cloud. Continue reading “Evil 8: Mobile Security Threats”
Intrusion Deception – Counter offense is the best defense
Information Security mostly revolves around defense in depth. Hitherto, we have had ‘Intrusion Detection’ and ‘Intrusion Prevention’ tools and techniques. But the newest technique in securing information assets, ‘Intrusion Deception’, has turned the security concept upside down and relies on counter offensive ‘honey pot’ methodology to protect the information assets in an organization. Continue reading “Intrusion Deception – Counter offense is the best defense”
Email Spoofing – Ways to minimise damage
What is e-mail spoofing?
“Email spoofing” is a term used to describe fraudulent emails in which the sender’s address and other parts of the email header are altered to appear as though the email originated from a different source. Continue reading “Email Spoofing – Ways to minimise damage”
OWASP ‘Top 10 Mobile Risks’ – Part 1
OWASP (Open Web Application Security Project) has come up with a top 10 risks for the mobile technology. This list is in the ‘beta’ stage. The list, released on 23rd September 2011, has been under a 60 day review period and is due for a final version release any time. When released, this will be the first official version of OWASP top 10 for mobile applications. The current list of OWASP Top 10 Mobile Risks (Release candidate) is reproduced below: Continue reading “OWASP ‘Top 10 Mobile Risks’ – Part 1”
Tech Terminology Demystified – WIPS
WIPS stands for ‘Wireless Intrusion Prevention System’. WIPS helps in identifying unauthorized (‘rogue’) access points in an organization and taking appropriate countermeasures against the rouge devices. Continue reading “Tech Terminology Demystified – WIPS”
How to secure a virtualized environment?
We had already gone through how virtualization works and the benefits it provides in an earlier blog, ‘Server Virualization Simplified’, in June 2011. Now let us find out how to secure a virtualized environment. Continue reading “How to secure a virtualized environment?”
What do you do with your firewall logs?
Most enterprises have firewalls installed at their gateway to the internet. These firewalls have been configured with rule-sets to allow / deny data packets from entering or exiting the organisation. Firewalls also have other features like gateway anti-virus, VPN security, LAN segmentation etc. One such feature is the ‘logging’ feature. Continue reading “What do you do with your firewall logs?”
Wardriving – Tech Terminology Demystified
Wardriving is a reconnaissance act of driving around a locality looking for wireless networks / access points. Continue reading “Wardriving – Tech Terminology Demystified”