Et Cetera

Thu 17 Sep

Social Engineering: The Overlooked Exploit

Contributed by Gregory Jenkins

We are in a world where the rapid advancements of technology have become the focal point of almost every industry. Organizations are expanding faster than ever. Countries are rolling out attractive incentive programs for professionals who can protect their physical and digital assets. The technical exploits of past generations have resulted in a newfound awareness of the importance of information security. The phrase “information security” usually evokes an image of a tech-savvy individual using various devices to probe for unauthorized information. However, the human approach, often called social engineering, is the art of using psychological manipulation to obtain unauthorized information. It is one area that is rarely thought of and is increasingly being seen as a vital tool in circumventing evolving security mechanisms.

Thu 17 Sep

Next Generation Firewalls

Contributed by Rob Cavana

I will be reviewing Next Generation Firewalls. Next Generation Firewalls provide many advantages over their predecessors, which I will cover in detail. We will cover the benefits of these advantages and why a company that is looking at adding a new firewall or replacing an existing firewall will want to consider making the investment in a Next Generation Firewall to take advantage of these benefits.


Thu 17 Sep

Building Business Unit Scorecards

Contributed by Dennis Opacki

Security managers are increasingly turning to security metric scorecards, hoping to produce buttoned-up business cases for spending and to drive accountability outwards to business units. Though recent articles on security metrics have approached scorecards as data visualization exercises [1], one problem remains: measuring an immature organization’s performance is difficult. Producing effective security metric scorecards takes great diligence in metrics definition, data gathering, reporting and communication.


Thu 17 Sep

Preventing a Brute Force or Dictionary Attack: How to Keep the Brutes Away from Your Loot

Contributed by Bryan Sullivan

To understand and then combat a brute force attack, also known as a dictionary attack, we must start by understanding why it might be an appealing tool for a hacker. To a hacker, anything that must be kept under lock and key is probably worth stealing. If your Web site (or a portion of it) requires a user to log in and be authenticated, then the odds are good that a hacker has tried to break into it. In terms of processing power, it is expensive for a Web site to require authentication, so it is usually only required when the site stores valuable private information. Corporate intranet sites can contain confidential data such as project plans and customer lists. E-commerce sites often store users’ email addresses and credit card numbers. Bypassing or evading authentication in order to steal this data is clearly high on a hacker’s priority list, and today’s hackers have a large library of authentication evasion techniques at their disposal.

Wed 16 Sep

Browser Identification for Web Applications

Contributed by Shreeraj Shah

Browser Identification is not a new concept. With the focus having shifted to desktops from networks and servers, a topic such as remote browser identification needs to be revisited.

Browsers identify themselves to web servers in the USER_AGENT header field that is contained in requests sent to the server. Almost every release of browsers contains sloppy code that allows malicious servers or attackers to compromise user privacy and security.
