Cyber Security

545

Solutions

867

Contributors

The cyber security specialization covers the fundamental concepts underlying the construction of secure systems, from the hardware to the software to the human-computer interface, with the use of cryptography to secure interactions. cyber security focuses on protecting computers, networks, programs and data from unintended or unauthorized access, change, theft or destruction. This includes controlling physical access to the hardware, as well as protecting against the harm that may come via network access, data and code injection, and due to malpractice by operators, whether intentional, accidental, or due to them being tricked into deviating from secure procedures.

Share tech news, updates, or what's on your mind.

Sign up to Post

Wifi Flaw
Nothing is ever secure - things get "broken" but not always easily mended. This is the norm today. Despite security measure put in place, cyber attacks are still successful because security controls themselves can be vulnerable as well. Catch this Wi-Fi security weakness run through.
5
Prepare for an Exciting Career in Cybersecurity
Prepare for an Exciting Career in Cybersecurity

Help prevent cyber-threats and provide solutions to safeguard our global digital economy. Earn your MS in Cybersecurity. WGU’s MSCSIA degree program curriculum features two internationally recognized certifications from the EC-Council at no additional time or cost.

We use Office 365 for Exchange. One employee's email account was compromised. HR received a request for changing direct deposit bank, from this employee's email address, and HR replied the email. But the request wasn't from the employee. The employee could receive all the normal emails, but not the ones related to this request.

How can we trace the original request email? How can we fix this issue?
0
if I wanted to test how secure the network is against being hacked or Ransomware attack - where would I start?

If I did something like the Certified Ethical Hacker Course or CREST Registered Penetration Tester. Would either of these courses help?

Thank

Ian
0
I have a certificate on one of my servers. The server is a certificate of authority. I know that I can set up a GPO to deploy their certificate to individuals on the domain. but what I want to do is install or enroll their certificate on one particular server manually without GPO. is it possible to do this?
0
What are the best practices in light of ransomware attacks. I've had a few local non rotating backups get bricked because of ransomware. I do have remote backup, but is everyone resorting to rotating backup drives?
0
Spectrum on behalf of Sony sent a client this e-mail: {Removed IP address below}

To whom it may concern,

Pursuant to Sony Interactive Entertainment LLC ("SIE") corporate policy, the below IP addresses were blacklisted from using our services because SIE detected activity that is abusive to our network services. In our determination, the abusive activity was not related to velocity or volume (many users behind the same IP address, i.e. NAT), but matched the specific patterns of known abuse of our publicly available services. This abuse may be the result of a computer on your network that has been compromised and is participating in a botnet abuse of our services.

The following table of IP addresses, dates and times should help you correlate the origin of the abusive activity.  The time stamps are approximate from our logs.  The actual timing of the events depend on the signature matched.  It is very likely to have occurred both before, during and following the times listed.

       Approximate Time Range (UTC),      IP Address, Reason
2018-07-23 12:46:00 ~ 2018-07-23 13:46:00 (UTC),   xxx.xxx.xxx.xxx, Account Takeover Attempts

It is most likely the attack traffic is directed at one of the following endpoints:

account.sonyentertainmentnetwork.com
auth.api.sonyentertainmentnetwork.com

These endpoints on our network are resolved by Geo DNS, so the IP addresses they resolve to will depend on the originating IP address.

The destination port will be TCP …
0
Hi Experts

Could you point if  phpCAS that uses API for authenticating users against a CAS server (WebSSO CAS) could be integrated at an existing Codeigniter project?

CAS - Central Authentication Server

I'm implementing a SSO (Single Sign-On)  funcionality to allow a web app conexion based on user id and  correspondent user's data obtained from LDAP (AD-Active Directory)

phpCAS

I'm planning to implement the SSO functionality at PHP Codeigniter's site index.php.

Thanks in advance!
0
Secure HTTPS
HTTPS is an essential technology and the Chrome browser developed by Google now shows “Secure” in the address bar when you visit a page with the HTTPS protocol such as https://www.experts-exchange.com but what does this mean? Is the website secure from malware? Is our identity secure?
0
online safety

A recent Pew Research Center study reveals that one in three parents expresses concern about their children’s online activity. In today’s digital world, understanding the online activity of children is part of being a parent. Most people understand that virus protection and software updates are important for preserving online security. However, the personal habits and actions of young Internet users can affect their safety. 


Busy parents don’t always have time to stay informed about the latest Internet threats, making cybersecurity experts an invaluable resource for providing online safety information about protecting children and young adults. Still, parents must remain vigilant in staying informed about what social media platforms their children use as well as explaining the primary tenets of Internet safety.


Parents, as well as young Internet users, need cyber safety education. It’s important that youth understand how their social media activities affect their safety. It’s impossible to know who is reading and following media posts left by children, and security is often the last concern on the mind of an unsuspecting Internet user engaging with friends and family members.


Most parents make it a point to always know the whereabouts of their children. The same concern should apply to online activity. Parents should have a presence on their children’s gaming networks and social media platforms. Additionally, parents should have the account and password information of their children’s online accounts. Not to spy, but to verify their activities. Furthermore, it’s incredibly easy for unscrupulous individuals to track the real-world movements of children as they check into venues using online applications by using social media platforms such as Instagram, Snapchat, Facebook, and Foursquare. 


Keeping Kids Safe in the Digital Domain


Parents should do their best to teach their children about online safety. However, it shouldn’t be left to parents alone to keep their children safe online. Community advocates and cybersecurity specialists can pitch in and do their part to help keep kids safe in the digital domain. Additionally, there are paid services that parents can use to help protect their children online. Most computer literate children understand how to protect their online privacy and security. However, they only use this knowledge to keep their parents from observing their online activity. 


Unfortunately, most children don’t apply this same caution when engaging with strangers online. Just as they do in the real world, parents must figure out how to oversee their children’s Internet activity. Additionally, it’s important that they establish online monitoring while children are young so that it’s easier to protect them as they grow older.


Research shows that parents are the best defense for protecting kids, teens and young adults online. Parents can establish a foundation for monitoring their children’s Internet activity by explaining that they want to share in their online experience, not infringe on their privacy. This process is easier if parents maintain an ongoing dialogue with their children about Internet safety. Parents must make sure that their children understand how their online activity exposes personal information about their lives that build up over time. 


Getting Help With Cyber Safety


Social monitoring apps and other resources can help parents stay informed about their children’s online behavior and keep them safe. Experts recommend that parents monitor their children closely to protect them from inappropriate content and activities such as cyberbullying and online predators. Sometimes, dishonest individuals pose as children online. They may even encourage children to divulge personal information, such as their home address and phone number. In light of these threats, parents should always be aware of their children’s online activities, including the information that they share and the people that they engage with online.


All parents want to keep their children safe as they explore the Internet, learn new things and engage with others from around the world. There are many academic institutions, community organizations and law enforcement and government agencies that provide resources that teach parents how to protect children as they browse the Internet. In fact, there are many directories with hundreds of resources from around the world that are updated frequently, and many of those resources are available in different languages.


In today’s digital world, it’s vital that parents maintain an open dialogue about Internet safety. Additionally, it’s important that cybersecurity experts advocate for the safety of children as they use the Internet to enhance their lives. Cybersecurity experts are well aware of the dangers that children face online, and as new threats emerge daily, they continue to develop innovative solutions for protecting the public’s safety.



0
Hello everyone! I hope you are all doing well.  I've been looking at a few Single Sign on services provider. Centrify and Azure to name a few. Any other reliable and easy to setup Single Sign on services with excellent support? I have to add about 12 different cloud apps and wanted to make sure I can find one that perhaps will support us through the implementation process since some of the apps are not common.
0
Firewall Management 201 with Professor Wool
Firewall Management 201 with Professor Wool

In this whiteboard video, Professor Wool highlights the challenges, benefits and trade-offs of utilizing zero-touch automation for security policy change management. Watch and Learn!

Hi Everyone, our small SMB\company recently switched to hosted Office 365 Exchange based email. Before the switch, we had an "in-house" Exchange mail server.
We have about 10 or so domains registered for email delivery.

So here's the problem. Since switching to Office 365 our users are being bombarded with "Somewhat Legitimate" Phishing Emails that try and trick them into providing their logon credentials.
IE> Your account in box is full, click here to fix. Your account will be terminated if you don't click here and login .. and on and on and on.

I've mostly stemmed these by created rules in Mail Flow that block certain words and phrases contained in Subject\Body.

Thats said, any suggestions to better keep these emails out? This issue not nearly as bad when didn't host with Office 365.
0
Hello,
I install nginx with mod security … I want to use it as waf for backend web servers.
in this case do I have to enable reverse proxy on it ?
what's about the https servers ?
thanks.
0
The biggest challenges when it comes to mobile security: protection, integration and visibility.
3

Expert Comment

by:Jake Lees
Comment Utility
Nice post. Love to read it.
0
I'm looking for opinions about setting up DMZ VLANs on switches that are also used for internal networking vs. using separate physical switches for DMZs and internal networks.  Any concerns or benefits you can think of for one over the other.  Assume Cisco equipment.
0
SSL Certificates

Can you explain the process for buying SSL certificates?
The challenges around security?
Where to buy from?

Who should have access?

Any other info would be great
0
We have been hit with ransomware.  Please see the attached screenshot.

The file extensions have been changed to STG.

They hacked into the network, created admin users and made them part of the Admin group, created shares etc.
0
Mobile security
Your smartphone is the weakest link so if we have not been taking good care of it and looking out for signs of red flag that the it is misbehaving and acting strangely, then we are setting ourselves for trouble. Read on for tips to self defence and keep a clean hygiene footprint.
2
LVL 67

Author Comment

by:btan
Comment Utility
Thanks Andrew.

1a. Facial spoofing attacks can easily launched via printed photos, video replays and 3D masks of a face. There is a detailed paper written on this. That is why it is critical to implement strong liveness detection measures for facial authentication that recognize when a facial image is not a live. To share a bit more, spoof detection can be classified as either “active”, requiring interaction with the subject, or “passive” analysis requiring no interaction.  

1b. Fingerprint spoofing attack can easily be fooled by fake fingerprints digitally composed of many common features found in human prints. Likewise another paper shares the details. What I think is concerning is the capture in the past has also been attempted on gummy fingers that is fake Fingers. Liveness test is still the added assurance check needed to have a robust check in the mobile device.

The challenge for a/m is not on the detection technology but how to more towards a more accurate match rate an d at the same time not in the expense of making the device bulky or more draining to the limited battery level.

2. Actually remote wipe is more of a mitigation as ultimately, if the data remain encrypted and the device has lock enabled, access is restricted and even data siphoned off the shutdown or locked device will not necessary have the plain data revealed. So with encryption and locked setting, the mitigation suffice as baseline.

Hope the above clarifies.
1
LVL 19

Expert Comment

by:Andrew Leniart
Comment Utility
Thanks for clarifying btan. Highly useful information!
0
In a meeting we were told that it is possible to know or identify if a user hit a specific page and it’s contents even if the page is locked.  We understand that when a page has a lock it means SSL and that the data to/fro from the site to computer is encrypted.  Is this possible that even thought the page has a lock, there is  a way to identify the encrypted page that the user visited and identify the contents, if it has form or just regular page?
0
Secure Mobile DNA
The explosive trends of the increasing number of mobile devices and apps get us in trouble despite the benefits they give. Run through the common threats faced. Tackle them with a strategy to better secure our mobile device and apps against these emerging threats.
0
KuppingerCole Reviews AlgoSec in Executive Report
KuppingerCole Reviews AlgoSec in Executive Report

Leading analyst firm, KuppingerCole reviews AlgoSec's Security Policy Management Solution, and the security challenges faced by companies today in their Executive View report.

HIVE ALERT!
With a HIVE alert mind, we can focus on important security areas. We can ask the right questions to guide and discover ways to reduce our risk footprint and protect against lurking threats. Read on...
0
Are 32 bit computers at a higher risk of Anti-Virus, Malware or Ransomware infections?

We have a few left and I need to know if I should trash them ASAP.
0
Hi,

I d like to see how good my Wi-Fi is protected so how can I test this and see what would happen when somebody could get connected to my Wi-Fi (what he could see/do)?

That way I could take countermeasures.

J
0
Hi,

I need assistance how I can disable / close network discovery on LAN for Servers and all Clients please.


Regards
Asif
0
Does anyone recommend any good ethical hackers?  I want to ensure that I close any open security issues for my organization and I was thinking of hiring an organization or individual that can provide that service?  

Any reputable recommendations?
0
I have a question about defending against  DDoS attacks.  My ISP charges a large penny for service to protect me from DDoS attacks, it's basically the same amount for my internet, and it's not cheap.  Besides buying hardware, does anyone recommend any online companies that can provide the same kind of service as my ISP, but at a descent cost?

What other options do I have, or does anyone recommend a good solution?
0

Cyber Security

545

Solutions

867

Contributors

The cyber security specialization covers the fundamental concepts underlying the construction of secure systems, from the hardware to the software to the human-computer interface, with the use of cryptography to secure interactions. cyber security focuses on protecting computers, networks, programs and data from unintended or unauthorized access, change, theft or destruction. This includes controlling physical access to the hardware, as well as protecting against the harm that may come via network access, data and code injection, and due to malpractice by operators, whether intentional, accidental, or due to them being tricked into deviating from secure procedures.