In a security industry that hasn't changed much in 20 years, SafeNet's Andrew Younger says, it's strange that nothing much has changed in that time – except that we keep failing.
Although web application attacks have existed for over 10 years, simple coding errors, failed input validation and output sanitization continue to exist in web applications that have led to disclosures for many well-known companies. The most prevalent web application attacks are SQL Injection, Cross Site Scripting and OS Command Injection. With an increased number of companies conducting business over the Internet, many attackers are taking advantage of lax security and poor coding techniques to exploit web applications for fame, notoriety and financial gain.
Sydney-based start-up Packetloop has gone live with its security-analytics-as-a-service offering. The service came out of private beta earlier this month.
Security researchers are warning businesses and consumers to immediately disable Universal Plug and Play (UPnP) functions on thousands of networked device products after revealing common flaws that can be easily exploited by a remote attacker.
A US company has named over 50 Australian network operators for helping supercharge a three-week distributed denial of service (DDoS) attack on one of its customers, but an Australian network engineer says the companies blamed probably aren’t at fault.
What is big, flexible, red and costs more than your average mid-range family sedan? Not a HSV (not quite that much), but this top of the range unified threat management (UTM) device (or in this case, XTM, the X presumably being a variable) is definitely in a high performance category. The XTM2050 from WatchGuard is one of a new breed of security devices that packs punch.
Review of the Juniper EX4500 Ethernet switch. They connect desktops to servers in the data centre via a three-tier system of access, aggregation and core Ethernet switches.
With data becoming more valuable, the need for security also gets greater. Today’s technology and working behaviours both facilitate data being easily transported. Information is far less static due to home working, multiple office sites, low cost USB storage devices and DVDs. With all these portable devices and data being moved from place to place we must be mindful of data backup.
Cyber-attacks are constantly evolving and the attack methods used are constantly adapting. In a similar way, the traditional layers of defence have grown increasingly complex and interrelated. The convergence of security technologies to a single appliance, the Unified Threat Management (UTM) device, is a logical approach and can go a long way towards managing security in most organisations.
In order to improve productivity and minimise risk, most organisations need a reliable method of protecting their employees from unwanted email (spam) and malicious software (malware). In addition, it is also necessary to protect the corporate network by restricting access to inappropriate content.
Presentation by Russell Clarke and Mark Jones - Directors of RMSEC.
These days barely a day goes by where there isn’t some sort of network security breach or hack or malfunction of some sort. This year too we had the rise of groups such as Anonymous and Lulz that sought out attention for their activities. Here we take a look at the year in pictures of some of the key security problems that grabbed our attention.
The complexity of encryption schemes has been increased dramatically in an attempt to outpace the development of computational tools designed to crack them. Now it's important to devise algorithms that can't be brute forced for trillions of years in the hopes that they will remain secure long enough to be useful before they, too, are broken. Here's a quiz about encryption to see how well you are versed in one of security's most important components. Keep track of your score and check at the end to see how well you stack up.
Symantec Vision 2011 Sydney in pictures
Ponemon Institute asked 745 information-technology and security managers whether USB drives were important for business use, and if they were secure. What did the survey find?
Perhaps it was an omen of what was to come when the city of San Francisco on New Year's Eve 2010 couldn't get a backup system running in its Emergency Operations Center because no one knew the password.
No company wants to be associated with a data breach, but if your systems are compromised the fallout can sometimes be more damaging than the act itself.
Stealthy, sometimes long-term cyber-espionage attacks to steal sensitive proprietary information -- what some now call "advanced persistent threats" (APT) -- have become a top worry for businesses.
This is a real issue, and not just one for the well publicised attacks on major corporations such as Sony, Lockheed, Google, and Citi. It affects every business and organisation, large and small. More worrying still, it is now widely suggested that hackers and espionage organisations are moving away from directly attacking their target company, choosing instead to route their attack through suppliers to their target. Thus, even small and seemingly innocuous “third party” businesses who would not consider themselves as potential targets are now on the front line of this cyber war.
Wi-Fi may be the networking method of choice among apartment blocks cropping up in increased numbers in Australia’s major cities; however, increased reliance on wireless internet is resulting in more security risks, according to Layer 10 Consulting.
Distributed networks face the ongoing challenge of securing a continually evolving network perimeter. As threats have evolved to exploit the shifting lines of defense, companies have responded by adding additional layers of security. This need for multiple layers of security has placed an enormous strain on IT professionals, increasing their workload through the management of multiple consoles and security devices.
Is your firewall capable of handling the growing demands of your business?
Many organizations are now migrating to Next-Generation Firewall solutions to reduce complexity, consolidate functionality and increase employee productivity. In fact, analysts predict that by the year-end 2014, 60% of new purchases will be Next-Generation Firewalls.
Find out what is driving this phenomenon and how you can benefit from these new solutions by attending the Web seminar:
Australians are increasingly relying on the internet in their everyday lives, from banking and shopping, through to using emails, social networking and blogs to keep in touch with family and friends. They are using a range of devices such as smart phones, tablets, computer game consoles and other devices to go online.
Reduce fraud losses regardless of channel by preventing cybercrime, identity theft, and other threats targeting your customers.
Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).
- Have an incident response plan.
- Pre-define your incident response team.
- Define your approach: watch and learn or contain and recover.
- Pre-distribute call cards.
- Forensic and incident response data capture.
- Get your users on-side.
- Know how to report crimes and engage law enforcement.
- Practice makes perfect.
I’m dating myself, but I remember when holiday shopping involved poring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.