It's been a few years, but nMap 7.0 is finally here! How did I miss this? Updated across all platforms. Come and get it!
nMap 7 Download Page
Monday, November 23, 2015
Secure those Passwords
In the beginning, everyone had what one or two systems that they logged into? It was typical practice for an end user to use an easily remembered single password to log into those one or two systems that they used on a daily basis. Then in the late 1990s, the industry began preaching the use of a "Complex Password." Something that couldn't be easily guessed, was made up of some combination of character types, and was at least 8 characters long. That seamed to work well for most folks until we hit the age of rampant internet based everything.
Online Banking, Online School Reporting, Online Medical Records, Online Newspaper Subscriptions, Online Fantasy Football, Online Electric Bills, even Online Pizza Delivery have now taken over our daily lives. Each one of these various systems that touch our lives are holding some type of personally identifiable information, or in some cases payment information. Things like Online Banking are holding the holy grail of your financial life.
Sadly today, many people have one complex password, and they use it everywhere. Not only is this not a secure practice, but it can be devastating when it fails. Many of the systems that are being guarded with that single or even a couple of different complex passwords reference other online services that you may be using. For instance, lets say your online pizza account gets hacked. That account not only has your tasty pizza preferences, but it has your address, telephone number, and even an email address. The hackers can they quickly determine where that email is hosted, and wala, if you used the same password for pizza as you did for email, that service is now hacked. From your email account, they have the keys to the kingdom. From informational emails in your inbox, to various password reset mechanisms that only require access to your inbox, the sky is the limit for those that now control your online identity.
Whats the solution? A highly complex password with a high level of entropy for EVERY SINGLE ONLINE SERVICE that you use. Bar none, this is the best way to protect access to your vital online accounts as well protecting those services from each other. You may think that this is a great idea that just isn't practical in the real world. What happens, you keep an offline record of all of these accounts and passwords in some encrypted, or heaven forbid, un-encrypted text document on your home computer? For many that's the case.
However for the past several years there have been an outcropping of many password managers coming on the scene. These solve several problems.
What does this mean?
It means that there is a system out there that is highly secure, that allows YOU, yes YOU, to use a highly complex, highly entropic, secure password for every service you use. Use it!
Online Banking, Online School Reporting, Online Medical Records, Online Newspaper Subscriptions, Online Fantasy Football, Online Electric Bills, even Online Pizza Delivery have now taken over our daily lives. Each one of these various systems that touch our lives are holding some type of personally identifiable information, or in some cases payment information. Things like Online Banking are holding the holy grail of your financial life.
Sadly today, many people have one complex password, and they use it everywhere. Not only is this not a secure practice, but it can be devastating when it fails. Many of the systems that are being guarded with that single or even a couple of different complex passwords reference other online services that you may be using. For instance, lets say your online pizza account gets hacked. That account not only has your tasty pizza preferences, but it has your address, telephone number, and even an email address. The hackers can they quickly determine where that email is hosted, and wala, if you used the same password for pizza as you did for email, that service is now hacked. From your email account, they have the keys to the kingdom. From informational emails in your inbox, to various password reset mechanisms that only require access to your inbox, the sky is the limit for those that now control your online identity.
Whats the solution? A highly complex password with a high level of entropy for EVERY SINGLE ONLINE SERVICE that you use. Bar none, this is the best way to protect access to your vital online accounts as well protecting those services from each other. You may think that this is a great idea that just isn't practical in the real world. What happens, you keep an offline record of all of these accounts and passwords in some encrypted, or heaven forbid, un-encrypted text document on your home computer? For many that's the case.
However for the past several years there have been an outcropping of many password managers coming on the scene. These solve several problems.
- They give you a somewhat secure centralized location to place your account information.
- They allow you to keep multiple different passwords ready for each account.
- Most of them also have a high quality random password generator.
- They allow secure syncing of password access across devices.
What does this mean?
It means that there is a system out there that is highly secure, that allows YOU, yes YOU, to use a highly complex, highly entropic, secure password for every service you use. Use it!
Thursday, November 19, 2015
The Problem with Secret Questions
I came across this infographic from the folks at Google. Very interesting perspective here. I wonder how many passwords Google has to reset on a daily basis?
Wednesday, November 18, 2015
Check Point vSEC with NSX
I read an excellent article over on the Check Point Threat Prevention blog.
It discusses the new Check Point vSEC product and how it works with NSX to add that deep packet inspection technology to the SDN stack provided by NSX. This is incredibly powerful as it allows you to add the benefit of Check Point's vast array of security products to the policy driven network overlay that is NSX. Now you can do deep packet inspection and threat emulation on packets between virtual machines that live in the same subnet, all inside the hypervisor without having to bring in an outside appliance. This is going to radically improve security without the bottleneck of an external appliance having to handle all of the traffic.
Benefits of vSEC with NSX
- Addition of Check Point Threat Emulation / Threat Protection Layers to NSX Firewalled VMs.
- vSEC Policies follow NSX Policies. Newly created VMs are secure out of the gate.
- vSEC products get their protection data from the Check Point Threat Cloud.
- Fully integrated into the Check Point Software Defined Protection (SDP) Model
The article is here.
It discusses the new Check Point vSEC product and how it works with NSX to add that deep packet inspection technology to the SDN stack provided by NSX. This is incredibly powerful as it allows you to add the benefit of Check Point's vast array of security products to the policy driven network overlay that is NSX. Now you can do deep packet inspection and threat emulation on packets between virtual machines that live in the same subnet, all inside the hypervisor without having to bring in an outside appliance. This is going to radically improve security without the bottleneck of an external appliance having to handle all of the traffic.
Benefits of vSEC with NSX
- Addition of Check Point Threat Emulation / Threat Protection Layers to NSX Firewalled VMs.
- vSEC Policies follow NSX Policies. Newly created VMs are secure out of the gate.
- vSEC products get their protection data from the Check Point Threat Cloud.
- Fully integrated into the Check Point Software Defined Protection (SDP) Model
The article is here.
Tuesday, January 20, 2015
Securing mobile devices when they are off the corporate network
With the recent surge in high profile security breaches of
the last eighteen months, all businesses regardless of size must have security
in the forefront of their IT strategic plan.
Security has become more important than ever before. It has also become more complicated than ever
before. Never before has corporate data
been under attack from so many different vectors. The days of securing the perimeter of your
corporate network and calling it a day are over. With the ever increasing mobile workforce
accessing data from anywhere at anytime, how can security keep up?
There are too many touch points to critical data from
multiple avenues to continue to apply the principals of old. In the past, a company would invest its
security spend on the best perimeter firewall they could find. They would then create a rule base that kept
the bad guys out, and tried to keep the good guys in. But now, with more and more access coming in
over cellular networks, free wifi hotspots, and employee’s home broadband
connections, the old perimeter firewall isn’t enough. It can’t provide security on networks that it
doesn’t exist on.
Its happened all too often.
An employee accesses critical data on their device. That data gets cached in the web browser, or
in an app, or on the storage. Later that
day, they click a link in an email from a friend, install a game from the app
store, or even visit a hacked Facebook account.
With that action, mobile malware is downloaded and installed on the
device. That corporate data is now being
sent back to the malware’s creator to be sold on the black market. There are literally thousands of ways to get
malware installed and running on a mobile device. Without the protection of the company’s
enterprise firewall on these networks, the company’s data, as well as the end
users personal data, is at extreme risk.
How do we protect these mobile devices, whether they are
laptops, tablets, phones, phablets, or even watches? We need a solution that applies the
enterprise security policy on these devices no matter what network they are
connected to. We need a solution that is
unobtrusive to the end user and that doesn’t affect that end user’s device
experience. We need a solution that
doesn’t create yet another complicated management interface for IT to
administer.
It must be seamless.
It must be secure. It must be
fast.
Capsule Cloud by Check Point delivers on all three.
How does it work?
Capsule Cloud tunnels all of the mobile device’s traffic
through a cloud based enterprise security system. The system is able to enforce the enterprise
security policy on that traffic no matter where the device is on the
Internet. With Check Point Capsule
cloud, your end users receive all the industry leading protections available on
the Check Point platform including:
Anti-Bot, Anti-Virus, Data Leakage Protection (DLP), Threat Prevention,
IPS, as well as URL Filtering and Application Control.
Check Point has multiple data centers all around the globe
to ensure the best possible user experience.
If your business utilizes Check
Point gateways or management products already, you can utilize those tools to
push the same policy that’s on your enterprise gateways to the Capsule Cloud
service.
Capsule Cloud is a cloud based security
system that is delivered via a SaaS methodology. Capsule Cloud utilizes a user based licensing
model. This allows Capsule to secure
multiple devices per user, all under a single user license. Today Capsule cloud supports all of the
major mobile devices. There are clients
for Mac OSX, Windows, iOS, and Android.
Subscribe to:
Posts (Atom)