Networks
The latest technologies and best practices to secure local, virtual, cloud, and hybrid networks.
-
7 IPv6 Security Risks
The rise of IPv6 could give you some severe security headaches — even if you have no current plans to implement the new networking protocol. That was the stark warning issued by Eric Vyncke, a security expert from Cisco, talking at the RSA Conference Europe in London this month. On the face of it, there…
-
City of Tulsa Cyber Attack Was Penetration Test, Not Hack
The City of Tulsa, Oklahoma last week began notifying residents that their personal data may have been accessed — but it now turns out that the attack was a penetration test by a company the city had hired. “City officials didn’t realize that the apparent breach was caused by the security firm, Utah-based SecurityMetrics, until…
-
Pwnie Express Intros Power Pwn Hacking Tool
Pwnie Express recently announced the upcoming release of the Power Pwn, a complete penetrating testing platform disguised as a surge protector. “The device is a $1,295 ‘penetration testing’ tool that will lodge remotely activated Wi-Fi, Bluetooth, and Ethernet attacks in an effort to identify network weaknesses,” writes The Verge’s Evan Rodgers. “A convenient web interface…
-
How to Prevent DoS Attacks
Denial of Service (DoS) attacks, in which attackers make it impossible for network users to access information or services by flooding the network with requests that tie up its resources, are among the most feared threats in today’s cybersecurity landscape. According to the US-CERT, DoS attacks are characterized by unusually slow network performance or…
-
Top 3 Insecure Password Management Practices
Here’s a dirty little secret about passwords in the enterprise: In many organizations, IT administrators sometimes follow insecure password management practices because it’s often the easiest way to get the job done. The root problem is one of complexity. Managing passwords for large numbers of privileged accounts – and ensuring that the people, applications, and…
-
How to Run Your Own Certificate Authority
Digital certificates lie at the heart of Public Key Infrastructure (PKI) security technologies such as encrypted email, document signing, VPN access, server SSL authentication, and software code signing. Certificates are a vital part of PKI because they provide a means to establish the ownership of an encryption key. If you have someone else’s public…
-
Smart Meter Hacks Cost a Single Utility $400 Million a Year
According to KrebsOnSecurity’s Brian Krebs, a 2010 FBI cyber intelligence bulletin reported that cyber attacks on smart meters have already cost a single electric utility in Puerto Rico, the Puerto Rican Electric Power Authority, as much as $400 million a year. “The FBI warns that insiders and individuals with only a moderate level of computer…
-
Protecting Against SQL Injection Attacks with Oracle Database Firewall
Exploits that take advantage of SQL Injection (SQLi) vulnerabilities in software are among the most dangerous and prevalent attacks on the Internet today. In a SQLi attack, hackers typically take advantage of security flaws in web application software to pass malicious commands to a database back-end. A SQLi vulnerability can potentially enable an attacker to…
-
Two Factor Authentication: SMS vs. Tokens
The numbers are staggering. About 750 million airline passengers must remove their shoes every year because one lone nut, Richard Reid (now a resident of a supermax prison in Colorado), once tried to blow up a plane with a shoe loaded with Pentaerythritoltetranitrate (PETN). The hordes of stamping stockinged feet notwithstanding, PETN is not detectable…
