Posts

Showing posts from 2017

What is a VPN and Why is it a Good Idea?

Image
A virtual private network, or VPN, can help secure your web browsing and protect your anonymity online from anyone who wants to steal or monetize your data. A VPN creates a virtual encrypted tunnel between you and a remote server operated by a VPN service. All external internet traffic is routed through this tunnel, so your data is secure from prying eyes. Best of all, your computer appears to have the IP address of the VPN server, masking your identity. To understand the value of a VPN, it helps to think of some specific scenarios in which a VPN might be used. Consider a public Wi-Fi network, perhaps at a coffee shop or airport. Like many of us, you might connect to it without a second thought. But do you know who might be watching the traffic on that network? Can you even be sure the Wi-Fi network itself is legitimate, or could it be controlled by a hacker who's after your personal data? Think about passwords, bank account data, credit card numbers, and private information th

Transformational Trends in IT for 2018

Image
According to CIO magazine, the relentless pace of technological change is impacting consumer expectations at a faster rate than ever, making any prediction challenging. Data security and privacy will continue to take center stage: How personal data is used. The ramifications of data breaches. And the importance of data to companies. Other trends we are likely to see include: AI and IoT Converge IoT will become part of the fabric of an organization in 2018. The challenge for CIOs and our teams will be how to integrate device management into overall IT infrastructure in a way that doesn’t overwhelm the organization. Applications Managed in Real Time Companies are beginning to explore what they can really do with the security, agility and flexibility of virtualized network services. Cybersecurity, Fully Embedded Threat detection capabilities embedded into platforms. End-to-end managed security infrastructure for the network, the developer, and applications. Proactive, predicti

First Amendment and Free Speech Online

Image
"Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances." That's it. That's all the United States Constitution's First Amendment actually says. There's a lot in just those few sentences, and it's crucial to know when and how it applies to common situations. Especially given the widespread use of Social Media. For examples of First Amendment arguments presented by constitutional law expert, Lata Nott, executive director of the Newsium Institute's First Amendment Center, follow this link: http://www.cnn.com/2017/04/27/politics/first-amendment-explainer-trnd/index.html

Digital Identity Guidelines

Image
"Digital Identity" is the unique representation of a subject engaged in an online transaction. "Identity Proofing" establishes that a subject is actually who they claim to be.  "Digital Authentication" is the process of determining the validity of one or more authenticators used to claim a digital identity.  Authentication establishes that a subject attempting to access a digital service is in control of the technologies used to authenticate. For services in which return visits are applicable, successfully authenticating provides reasonable risk-based assurances that the subject accessing the service today is the same as the one who accessed the service previously. Digital identity presents a technical challenge because it often involves the proofing of individuals over an open network and always involves the authentication of individuals over an open network. This presents multiple opportunities for impersonation and other attacks which can

“...no one can hack my mind”: Comparing Expert and Non-Expert Security Practices”

Image
Originally published two years ago by a team of three researchers from Google, I encountered this paper again at a conference I recently attended about how to deal with ransomware threats. Their findings provide excellent advice for everyone and I thought it would be good to share it again. The paper discusses the results of two surveys: One involving 231 security experts, and another with 294 web-users who are not security experts. Both groups were surveyed about what they do to stay safe online. The intent was to compare responses from the two groups in order to better understand any differences in professional’s and casual user’s approaches to security. Here are the top 5 practices by group: Security Experts Non-Experts 1. Install Software Updates 1. Use Antivirus Software 2. Use Unique Passwords 2. Use Strong Passwords 3. Use Two-Factor Authentication 3. Change Passwords Frequently 4. Use Strong Passwords

SANS Network Security Conference 2017 Las Vegas, NV September 10-17

Image
“Established in 1989 as a cooperative research and education organization. Its programs now reach more than 165,000 security professionals around the world. A range of individuals from auditors and network administrators, to chief information security officers are sharing the lessons they learn and are jointly finding solutions to the challenges they face. At the heart of SANS are the many security practitioners in varied global organizations from corporations to universities working together to help the entire information security community." "SANS provides intensive, immersion training designed to help you and your staff master the practical steps necessary for defending systems and networks against the most dangerous threats - the ones being actively exploited. The courses are full of important and immediately useful techniques that you can put to work as soon as you return to your offices. They were developed through a consensus process involving hundreds of administr

What you need to know about the WannaCry Ransomware

Image
A virulent new strain of ransomware known as WannaCry has hit hundreds of thousands of computers worldwide since its emergence on Friday, May 12. WannaCry is far more dangerous than other common ransomware types because of its ability to spread itself across an organization’s network by exploiting a critical vulnerability in Windows computers, which was patched by Microsoft in March 2017 (MS17-010). The exploit, known as “Eternal Blue,” was released online in April in the latest of a series of leaks by a group known as the Shadow Brokers, who claimed that it had stolen the data from the Equation cyber espionage group. Source: Symantec

Windows 10 Creators Update

Image
Redmond magazine reports that Microsoft's second major Windows 10 upgrade will literally change the way users look at PCs, devices and games. Windows 10 Creators Update, which Microsoft started pushing out to consumers in April, will be available for business and enterprise customers this summer. Microsoft is emphasizing that this release, focused more on creating rather than consuming content, represents the first release that makes Windows an alternative to the Apple Mac OS, while aiming to appeal to young computer users who feel Apple has fallen behind. "We designed Windows 10 to empower the creator in all of us," said Yusef Mehdi, corporate VP of the Windows and Devices Group at Microsoft. "To us, that means that everyone has the power to dream big, whether that involves starting a company, developing a lesson plan, inventing a product, developing or broadcasting games, or imagining a whole new world in Minecraft or mixed reality." The Creators Update w

CES 2017 to Feature 5G

Image
This year’s Consumer Electronics Show will feature 5G technologies. But it remains to be seen whether the technology will live up to the level of hype surrounding it. CES 2017 kicks off this week in Las Vegas, and will attract technology companies from every spectrum. Topics will range from high-definition TVs to cutting-edge wireless technologies. More than 100,000 attendees from all over the world make CES the tech industry’s main trade show. This year, a wide range of companies are poised to place 5G front and center. Qualcomm’s CEO Steve Mollenkopf will make 5G a centerpiece of his keynote address on Friday, while executives from Verizon, Ericsson, Sprint, 20th Century Fox Film Corp., SK Telecom and others will also discuss the move to the next-generation technology in a number of different CES panels and sessions. Further, Intel and Ericsson have promised to show off a 5G virtual reality sports demonstration using Intel’s Voke 360 camera and Ericsson’s pre-standard 5G tech