Get expert insights on the latest developments in cybersecurity to stay ahead of the curve.
In this tutorial, we’ll see exactly how to configure and connect to WPA/WPA2-Enterprise networks in 10.5 Leopard and 10.6 Snow Leopard. A quick note about the screen shots: they are taken from 10.5; some windows differ in 10.6. Quickly connecting to an 802.1X network First, let’s see how easy it is to connect to an… Read more
Introduction Web Application Firewalls (WAFs) entered the IT security scene about 10 years ago with offerings from start-up companies Perfecto (renamed Sanctum before being acquired by WatchFire in 2004), KaVaDo (acquired by Protegrity in 2005), and NetContinuum (acquired by Barracuda in 2007). The premise was fairly simple: as attacks moved up the IP stack to… Read more
One of the best ways to defend yourself against a Wi-Fi hacker is to learn to think like one. As a hacker, you could simply be on a quest to find something as innocent as free Internet access, or you could be a serious criminal, hired by a cybercrime syndicate to get inside a corporate… Read more
Even in this day and age, after decades of having the Internet, we are still surprisingly sending and receiving most of our e-mails and information insecurely through the World Wide Web. We’re still using most of the founding protocols and technologies that transfer data in what we call clear-text. When in clear-text, your passwords and… Read more
Protocol analyzers are often used to capture, decode, and evaluate traffic flows and packets for network debugging, troubleshooting, and optimization. But did you know that a protocol analyzer can also be indispensable for security incident investigation? Perhaps the best-known open source protocol analyzer is Wireshark (nee Ethereal), capable of decoding scads of protocols, captured from… Read more
All new Wi-Fi CERTIFIED products support WPA2 (AES-CCMP) security, but that’s not enough to harden a WLAN against attack. Breaches can still be caused by policy, configuration, and coding mistakes, overly-friendly clients, or unauthorized APs. Continuous surveillance and periodic assessments are important to spot (and then patch!) these and other WLAN vulnerabilities. You can’t conduct… Read more
If you carry corporate information on a standard USB flash drive and it gets lost or stolen, the resulting data breach can be catastrophic. That’s why you should carry your data on an encrypted flash drive. In fact, in many cases the use of an encrypted flash drive is required for regulatory compliance or data… Read more
Every e-mail user has experienced phishing first-hand. Phishing refers to fraudulent communications that use social engineering and technical subterfuge to bait victims into disclosing personal identities and credentials. Phishing is big business: Criminals reel in billions from fraudulent financial transactions, executed with phished data. With so much at stake, can you recognize a phish when… Read more
The rush to virtualization has yielded a major vulnerability. According to a study just released by Gartner, the majority of servers being virtualized are less secure than they were when they were separate, physical servers. Virtualization has been used as part of a consolidation strategy to put a multitude of underutilized servers on one physical… Read more