
Total: 241

  • Information Security Short Takes: What is a Dedicated Server, and Why Would I Need One?
    A server is essentially a computer that does not do anything else but supply and store information for other computers. You could be using one of your computers as a server in your office, for example. This computer would then be called a server and supplies information, even software applications and data, to other computers, which basically become user terminals. If you have an e-commerce site or you have a lot of important information that you want to keep safe and secure, you should be looking at the best dedicated server provider in your country or region. Normally, when you register for a website, your website would be hosted on what is called a shared server. This means your website and information are stored on a computer that is used by many other customers of that provider. In the case of a dedicated server, you have your own whole computer and network connection. Here is a comparison of normal shared servers and dedicated servers to illuminate the issue. Traffic Issues: If someone else's website gets a lot of traffic and your website and database are on the same server, your website will start to slow down. You cannot have this happening if your website and database are crucial to your business operations. With a dedicated server, you have the one whole computer to yourself, and there will be no influence on your traffic from outside sources. Size: What happens when your website grows? With a shared server, you will have to keep buying extra space. With a dedicated server, you have the whole computer, and this means it is just about impossible to run out of space. Security: Information on shared servers is never as secure as on dedicated servers. There are multiple accounts and multiple users. Do you really want your important company information on a computer that is also being used by other people? Service: Dedicated servers normally come with a range of services such as backup, security and support. If your information is on a computer provided by a normal shared server supplier, you cannot expect the same service. Do not expect the computer support with shared servers to match the response times of that provided by your dedicated server company. Dedicated also means the company should be dedicated to you and not just the fact you...

    Original URL path: http://www.shortinfosec.net/2011/06/what-is-dedicated-server-and-why-would.html (2016-04-27)

  • Information Security Short Takes: Is the Server Running - optimal use of redundancy on a budget
    When purchasing a server, most companies select a server-class computer from a reputable manufacturer. And in this day, the servers usually come loaded with redundant components to optimize server availability and make it more resilient. And yet a lot of these servers fail at the first glitch simply because they are not configured properly. Here is a brief blueprint on how to optimally utilize the purchased and paid-for redundancy. First, let's analyze what is usually redundant in a server. If we take into account only the garden-variety commercial servers and ignore the hugely expensive fault-tolerant machines, here is what you usually get: redundant disk drives, redundant power supplies, redundant network adapters. To achieve the maximum from these elements, you should perform the following steps. Redundant disk drives: organize them into a RAID configuration. RAID 1 (mirror) is the best in terms of redundancy and speed, but you lose exactly 50% of capacity. RAID 5 (parity) gives you the best trade-off between capacity loss and optimal performance. When planning a RAID, look for a server that has a hardware RAID controller. The modern server...

    Original URL path: http://www.shortinfosec.net/2008/12/is-server-running-optimal-use-of.html (2016-04-27)

  • Information Security Short Takes: Where are the sources of security incidents?
    Security incidents come in all shapes and sizes. They can affect availability, confidentiality or integrity. Shortinfosec organized a LinkedIn poll to observe the opinions of professionals on which sources of security incidents they deem most frequent. The poll has 56 respondents, and there is no scientific selection of respondent groups to have a full-blown research result. However, this small sample still nicely represents the issues, by frequency, that organizations are coping with. The poll question was: What is the most frequent incident type that is affecting your organization? Five answers were suggested: Network Issue or Outage; External Hacker Attack; Internal Hacker Attack; Software Error Causing Data Corruption; Human Error Causing Data Corruption. The poll was open to all LinkedIn users for 20 days, with invitations sent to the LinkedIn connections and groups. Results and analysis: After the closing of the poll, the following results were observed. Most respondents (66%) select network issues as the primary source of security incidents. Data corruption due to human error takes second place with 18%, and data corruption due to software error follows with 13%. However, the demographics of the responses also indicate a different view of the issues from different executive levels. Network issues are selected as the primary source of security incidents by operational personnel. Management levels have...

    Original URL path: http://www.shortinfosec.net/2011/05/where-are-sources-of-security-incidents.html (2016-04-27)

  • Information Security Short Takes: The SLA Lesson: software bug blues
    ...the blogging got stuck. I will try to avoid this in the future. Now back to my latest experience. Part of every Information Security Management System is the incident management process. It is a process in which the company identifies a problem which is occurring or has occurred and performs steps to contain it, minimize the impact, identify the root cause and take measures to prevent the incident from recurring. The incident in question is a dreaded application blocking: a company of 1000 employees uses a custom-made, fully integrated CRM/ERP system which exhibited complete or partial non-responsiveness of several minutes for a period of nearly two hours. This situation was identified at several departments while the rest of the company was functioning as usual. As soon as the call came in, the incident response team was formed and the problem was analyzed. After 15 minutes the problem was identified: Accounting had started a program which should run once a week and affects the billing information of most Key Customers. This program was started at its usual time with the usual parameters. The problem was rectified by stopping the processing and postponing it until after business hours. Upon further investigation of the incident, it was identified that the problem had occurred before at regular intervals but was never reported as an incident. The situation had been handled by the IT department, who communicated the problem to the software company which created the software as a bug. When I requested a status update from IT on this bug report, I received shocking information: the software company had closed the bug report with a status of DENIED. So I called the release manager at the software company, and I got an even bigger shock. He explained that the software company decided to deny this bug report due to overwhelming change requests and bug reports from our company. In his words, this bug was a mere nuisance, since it blocked part of the software for about an hour once a week: just run it during lunch. At this point the incident was no longer just an incident; it became a support contract issue, so I reported the situation to management and recommended an intervention from their side. This incident is a very good lesson in the different priorities and focus of the parties involved. For a user of the system, any problem can be a show stopper. For the manufacturer of the system, the same problem can be played down to the importance of an itch. There can be many reasons for such a difference in opinion, but here are a few: There are insufficient human resources to address the issue. There are profitable change requests or projects to address, so this element is merely postponed, since the software company will not see a profit from engaging their resources in correcting this problem. The problem is caused by a design flaw in the system that is either very difficult...

    Original URL path: http://www.shortinfosec.net/2008/04/sla-lesson-software-bug-blues.html (2016-04-27)

  • Information Security Short Takes: Brief reminder - The value of a stolen corporate laptop
    Laptops have become a commodity. Buying a corporate laptop costs nearly the same as buying a desktop PC. And corporations love laptops for one simple reason: laptops are mobile. When you issue a laptop to an employee, you encourage him or her to take the work home. Productivity increases at no extra cost. But there is a flip side: this same trait of mobility also puts the laptop at risk of theft. Although the mantra of protecting your laptop has been going for a long time, there are a lot of companies who do not take this issue seriously. The mindset of managers still needs to be adjusted to present the issue. Because managers speak the language of money, let's make a simple calculation that shows the impact of how much your laptop is worth: Total Impact Value = Cv Pl 2 Lv ProtL 2, where Cv = Company value...

    Original URL path: http://www.shortinfosec.net/2010/11/brief-reminder-value-of-stolen.html (2016-04-27)

  • Information Security Short Takes: Tutorial - Breaking Weak Encryption With Excel
    ...user chose is first used to produce a number by adding the ASCII value of every character in the password to produce one large total. This number is used as the encryption key. The message is encrypted as follows: the password key is added to the ASCII value of each letter in the message, then the result is divided by three. A random number between -10 and 10 is added to this new number. This becomes the first number in the series, and the process is repeated to produce the second number. The third number is the difference between the first two final numbers and the original ASCII value plus the password key. At the end, every letter in the encrypted message takes on the following format: 193 144 164. When decrypting, the password key is found in the same way that it is produced for encryption. Each triplet is added together and then the password key is subtracted. This is the ASCII value of the letter. So, in summary, an XECryption encrypted message represents each letter as a number triplet. Here is a sample XECryption encrypted message for your exercise. Most readers have already noticed that there are a lot of flaws in the algorithm. Here are some which we will use: There are multiple decryption passwords, since there are a lot of combinations of characters that will produce the same number which is used to create the encrypted message. Also, the encryption number key is contained within the message. It is extremely easy to bruteforce this algorithm. Here is how to approach this crack, and you won't even need to program anything. First, we need to remember that each triplet total contains the encryption number, and since it needs to be subtracted from the total, the resulting number needs to be positive. So your password key is bounded by even the lowest total of any triplet in the message. Once you find the lowest triplet total, you can just attempt all numbers starting from the lowest total down to zero as a possible encryption number; in essence, just bruteforce the text. If you use a program to do the bruteforcing, you need to program logic which will be able to identify that the bruteforced result is the real solution. This is usually done by counting how many of the bruteforce-calculated ASCII codes are codes for letters, numbers and punctuation marks. If the percentage is large, it is a possible solution. If you use Excel, the pattern matching will be done by your brain: a human can easily identify words and discover the solution. To utilize this approach, simply place the encrypted text into an Excel sheet and create sums of every three numbers. These numbers are the triplet totals that need to be decrypted. Place the triplet totals sequence on row 1 of a sheet, and in column 1 find the minimum total of the sequence. Starting from this minimum, simply fill the rows in column 1 with every...

    Original URL path: http://www.shortinfosec.net/2009/11/tutorial-breaking-weak-encryption-with.html (2016-04-27)

  • Information Security Short Takes: Defeating gaming protection on popular gaming consoles
    Gaming consoles are great for multiple reasons. First, the obvious reason: you get to play a lot of games, and every one of them looks as advertised and runs smoothly, without performance issues. And then there are the additional benefits. A gaming console is basically a very beefed-up computer. Wouldn't it be nice to run it as a full-blown computer? But gaming console manufacturers need to make the users use only their software with the console; that is how they generate profit. So all console manufacturers lock their consoles through a firmware protection mechanism that allows only signed code to run on the consoles. And a lot of people attempt to bypass these protection mechanisms in order to run custom code, also known as homebrew code. Naturally, all bypassing methods are illegal, but we are going to discuss the success of bypassing for different consoles. Xbox 360: The Xbox 360 is well protected; it can run homebrew only if you make a hardware modification to the Xbox. There are subvariants of modding the Xbox for playing music using large USB files, which are much easier. But since the Xbox is a full-blown computer, the aim...

    Original URL path: http://www.shortinfosec.net/2011/03/defeating-gaming-protection-on-popular.html (2016-04-27)

  • Information Security Short Takes: Windows 7 Full Disk Encryption with Truecrypt
    After the TrueCrypt Full Disk Encryption Review and the 5 rules to Protecting Information on your Laptop, we are following up with a practical test of full disk encryption on Windows 7. Shortinfosec is a great promoter of full disk encryption of laptop hard drives, and we have been using Windows 7 for several months now. On 21 Oct 2009 TrueCrypt published version 6.3, which has full support for Windows 7. Of course, why go for an open source product instead of the native BitLocker? Well, Microsoft, with its product strategy, includes BitLocker only in the Ultimate and Enterprise versions of Windows 7. Can someone say huge security misstep, especially for the Windows 7 Pro users? Encryption: Naturally, Shortinfosec started with a full disk encryption test on a laptop. The laptop has the following configuration: 2.1 GHz Core2Duo CPU, 3 GB of RAM, 320 GB disk drive, NVIDIA graphics, Windows 7 Pro 32-bit operating system. The process is the same as already...

    Original URL path: http://www.shortinfosec.net/2009/10/windows-7-full-disk-encryption-with.html (2016-04-27)