Understanding Demilitarized Zone in Networks
Demilitarized zone, abbreviated DMZ, is a firewall configuration for securing the internal network of an organization. In any business environment a need arises to permit external access to some part of the organization’s network, for example to enable external e-mail to be received and to provide public access to a web site. This introduces the concept of the “demilitarized zone”.
PCI Compliance-Code Review or Web Application Firewall
Payment Card Industry (PCI) Data Security Standard is a standard developed through a consensus-based process led by 5 major credit card companies. It is not a government-enforced standard; compliance is enforced by the card companies.
Non-compliance results in higher fees and severe fines in the event of a breach. All merchants and service providers collecting and processing credit card transactions are required to comply with the PCI-DSS. Version 1.2 of the standard was released in October 2008.
Section 6.6 of the PCI-DSS requires that, for all public-facing applications, new threats and vulnerabilities be addressed on an ongoing basis and that the applications be protected against known attacks.
7 Basic Steps to Secure Your Wireless Router
Wireless networks have become one of the weakest security links in IT infrastructure in recent times. Many security incidents have been linked to weak configuration of the Wi-Fi router at home or in the office. This article gives a checklist of 7 basic steps to secure your Wi-Fi router.
Audit of Solaris BSM – An Overview
Basic Security Module, or BSM, is the audit tool used by the Solaris operating system. The BSM files are located in the /etc/security directory. To enable BSM, the administrator has to run the bsmconv script, which creates a number of files in the /etc/security directory. In this article we shall discuss two important files that are created, viz. the Audit Control File and the Audit User File.
US loses one laptop every 50 seconds in its airports!!
Imagine the situation of losing one’s laptop. What is the cost? It involves not only a significant expense but also the data stored on it, which may range from personal data like photos, important numbers, music and software to corporate data, where the cost involved could be unimaginable. A recent survey conducted by Dell and the Ponemon Institute reveals that up to 12,000 laptops are stolen in United States airports every week. This means approximately one laptop is stolen every 50 seconds!!
Session Management in Web Applications
Web applications are those that are accessed using web browsers like Firefox or Internet Explorer. The protocol used by web applications is called Hypertext Transfer Protocol (HTTP). The secure version of this protocol is HTTPS.
Botnets – What you need to know
Botnets are suddenly in the news for all the wrong reasons. What are botnets and why are they in the news?
How secure is your password?
Information security experts recommend that a password be at least 8 characters long and contain a mix of letters (lower and upper case), numerals and special characters. What happens if a user has a password of lower strength? In this article, you can check how strong your password is.
Tech Terminology Demystified – Cross Site Request Forgery
A CSRF attack forces a logged-on victim’s browser to send a request to a vulnerable web application, which then performs the chosen action on behalf of the victim. The malicious code is often not on the attacked site. This is why it is called “Cross Site”.
What is Cloud Computing
Cloud computing is getting tons of press these days. Big names such as IBM and Amazon are already in the market with service offerings. So what exactly is cloud computing, and how does it work?