Video Screencast Help

Cyber Readiness and Response

Showing posts tagged with Data Loss Prevention (Vontu)
Showing posts in English
Phil Harris | 21 Jan 2013 | 1 comment

There's a growing buzz in the industry about "who" should be responsible for encryption in the cloud from a user perspective.  As usual, the technology to do this is not the hard part – crypto is crypto is crypto, etc.  It's really more of a privacy and legal issue; privacy from the perspective of preventing others from seeing your stuff in the cloud and legal from the perspective of who has control over that data that is secured in the cloud.  
 
I think we all get the idea of privacy of our data in the cloud.  For example, if you put your personal financial data in the cloud to either be stored and/or used by an application, you want to make sure the data is secure.  If it's just storage, then you can personally encrypt the data before you store it in the cloud using encryption solutions like PGP.  If you're lucky enough to have a cloud provider that encrypts it for you, but gives you complete...

uuallan | 26 Nov 2012 | 1 comment

On Tuesday, November 20th, routers, switches and servers across the Internet reset themselves (or attempted to reset themselves) back to the year 2000.  This sudden change was caused by a reboot of the time server at the US Naval Observatory.  Timing is extremely important to Internet communications, to that end most network devices use a protocol known as Network Time Protocol (NTP) to ensure they are running at the correct time.  NTP operates over UDP 123 and reaches out to a designated device to maintain time sync.  There are volunteer hosts throughout the Internet, such as the one at the US Naval Observatory, that make themselves available for network administrators to sync their servers.  When the reboot of the NTP server at the US Naval Observatory occurred the server set itself back to the year 2000 and when network devices across the Internet checked in for an NTP update the clocks tried adjust themselves back to the year 2000 (many devices will not...

phlphrrs | 14 Sep 2012 | 0 comments

I’ve been hearing and reading about a lot of interesting comments made by various info sec professionals regarding whether or not DLP or anti-virus has outlived its usefulness.  Believe it or not, both of these important technologies are still viable protection mechanisms that must continue to be evolved.  Both are relevant especially in today’s fast-paced information and malware flows and attacks.

With Data Loss Prevention, you get a thorough understanding where your sensitive data (including Intellectual Property) is throughout your environment, being able to put it back where it belongs, and preventing it from moving to where you don’t want it.  But, the real value is in the intelligence you’ve gained from that effort. 

As security professionals we often complain about how the business doesn’t get involved in security, they don’t understand why they need security or they’re just see it as a roadblock to...

uuallan | 27 Jun 2012 | 1 comment

The database containing the login and password information of your users is a target that can be of great value to an attacker.  Unfortunately for you, it is also often an easy target for exploitation.  We’ve already discussed some of the best practices for encrypting your passwords should a breach occur, but that is not enough.  It is important to protect the data in the first place.  This is a much bigger challenge.

Let’s take a some of the challenges involved in protecting username and password data. Most modern websites are primarily database driven with a (very simplified) architecture that consists of multiple front-end servers that distribute content and backend database servers that contain the content as well as user information.   When a  visitor to the site makes a request, the information is pulled from the appropriate database and delivered through the front-end servers. 

Because websites rely on open...