Security Articles

Admin Privilege: To give or not to give

"Blessed are those who have privileges", Alice muttered while raising several tickets and request for change (RFC). She and her team consisting of 10 members had just started working on a new project and wanted to install several software, configure them, make some changes in registry, set environment variables etc. This meant a mammoth task of taking several approvals & maybe follow ups with her company's already overburdened IT support team.
To maintain security and comply with regulatory and compliance requirements her company followed the principle of least privilege (POLP) and provided a locked down environment to its employees.
Alice knew she could save time and effort if her team could just get administrative privilege. She raised a request to get the same.

Data deletion vs Data retention

The world is learning new lessons from the December attacks on Sony Pictures. One of these lessons is learning the importance of data deletion in information security. The Sony Pictures attack highlights the risks involved due to lack of such policy. Bruce Schneier calls this the risk of exposure in his blog.
The malware based attack not only caused data breach but also left the company feeling embarassed due to leaked old emails and documents. While effective security controls could have prevented the attacks, a data deletion policy would have saved the company from embarassment and possible future litigations.
So why are organizations not implementing data deletion policy?

SECURING CYBERSPACE - A New Cybersecurity Legislative Proposal and Other Cybersecurity Efforts

On 13th Jan 2015 President Barack Obama announced the SECURING CYBERSPACE - A New Cybersecurity Legislative Proposal and Other Cybersecurity Efforts. It proposes 3 measures to help strength the cyber security as brought out in the succeeding paragraphs.
Enabling Cybersecurity Information Sharing: The first measure Obama is proposing would encourage companies to share cyber threat information with the Department of Homeland Security cybersecurity center, which would swiftly pass it on to other government agencies and industry groups voluntarily formed to share such material. Companies would get targeted liability protection for doing so, the White House said, as long as they took steps to protect consumers personal information.

Secure SHA an Enhanced Hashing Mechanism

In recent times, though most applications emphasize its users on keeping strong passwords through stringent password policies, these strong passwords would be effective if and only if they are maintained securely at the back-end. In simpler words we can say, it is of no use having your precious valuables deposited in a bank locker that has no proper security measures to safeguard it for you. Have we ever wondered are our passwords stored securely at the back-end? It is not only an end user's responsibility to use strong passwords, but also the application's responsibility to securely safeguard user's strong passwords.
Though most of us know that the simplest and a safe way of securely storing passwords at the back-end  is by means of Hashing (a one-way crypto operation of transforming the clear text password to a fixed-length cipher text with the help of standards-based hashing algorithms say, SHA-1), there are also few drawbacks associated with this mechanism.

Sandbox aware Malware

As the Internet is becoming an important part of everyday life, Internet users face increasing security threats posed by malware. Malware is defined as malicious software or code, that when enters in to a computer system does things/changes that are harmful and unwanted to the legitimate user. The harmful activities can be corrupting and deleting the files on the computer, stealing the personal and financial information, making the computer services slow and unavailable, stealing proprietary or intellectual property information and at a larger scale destroying computers and computer networks. Some of the examples of the malware include viruses, worms, Trojans, back doors, root kits, key loggers, spyware,  ransomware, adware, Crimeware etc.


Subscribe to RSS - Security Articles