Security Articles

Session Hijacking: Introduction and measures to safeguard

In this digital era, everything happens over the net, from business to shopping and from banking to education; as the internet grows wider, we are witnessing a growth in cyber threats and attacks.

Every web user has a basic need to be assured that their data, money, or communications are safe and trustworthy. So security plays a prominent role in each facet of digital communication or transaction that happens over the web.

Numerous security threats occur on the internet, including man-in-the-middle attacks, denial-of-service attacks, IP spoofing, etc. It thus becomes a tedious task for each system administrator and information security professional to be competent enough to implement various defensive mechanisms to handle uncertain attacks and protect users' data.

Machine Learning for DGA Detection

Botnets are arguably one of the biggest threats online at present. In order to control networks infected by malware, the command-and-control (C&C) servers communicate with bots via an IP address or domain only known to them. However, if a dedicated domain, or a set of domains, is used for this communication, they can be easily detected and blacklisted.

Domain Generation Algorithms (DGAs) are a technique used by modern botnets to avoid blacklisting and sinkholing. DGAs periodically generate a large number of domain names to connect to. A new list can be generated every day, and a few of those domains are registered and activated to be used for botnet C&C communication. Since there is an infinite number of different algorithms, it is impossible to generate a finite list of domains to blacklist, which makes detection of communication between bots and C&C servers extremely difficult.

The Myth of Production–Level Security for Non-Production Private Data

I have been among those who take the position that production security controls should be applied to unencrypted and private data in the clear in non-production environments. In a recent client experience, I learned just how wrong this premise is. That is, unless your production security is very poor.

Shoulder Surfing Tales: Learn from Stories

Shoulder surfing is an acknowledged form of social engineering. The problem is when the surfers are not-so-good guys like me, and what they might be able to do with the information I was able to gain in a couple of recent incidents. It would be a trivial exercise for a gifted social engineer to use the information to build a targeted social engineering or spear-phishing attack. The very disturbing fact of these incidents is that they involved senior people in their respective companies. This reinforces the fact that success in cybersecurity must start with strong support and good security practices at the top of the organization.

What is IoT Forensics and How is it Different from Digital Forensics?

The Internet of Things (IoT) refers to a network of connected physical devices, smart home appliances, wearable electronic devices, embedded electronic items, etc., with different types of sensors for seamless connectivity and transfer of data among them.

The Internet of Things has become very popular and has transformed various facets of life. Some common examples of IoT devices include smart home accessories such as smart locks and sensors for temperature, ambient light, water, gas, etc., and wearables such as smart watches, glasses, pacemakers, and fitness gear. The IoT also includes components such as M2M (machine-to-machine) communications, RFID sensors, and wearable and context-aware computing.

Learn How a Web Application Firewall Works

Today, web hacking is a rampant concern. It almost seems that on a daily basis we hear major web hacking news that can impact a large corporation and its perceived cybersecurity defenses. People are left with the sense that if major corporate brands can be infiltrated, then how can their own information be safe? One rather underrepresented form of website protection is implementing a web application firewall (WAF) as part of a web security profile.

13 Best Practices To Secure Your AWS!

Cloud is the buzzword everywhere these days, and almost every company, whether small or big, is aiming to become cloud-enabled or cloud-driven. Amazon Web Services (AWS) is the leading cloud service provider in the market, and many companies are hosting all or part of their IT infrastructure on AWS.

Hosting infrastructure on the cloud also requires you to implement certain security measures in order to keep it safe and secure from cyber threats and attacks. This article lists some of the best practices that can be considered in order to improve and implement a secure AWS infrastructure.

This article assumes you have a basic understanding of AWS and the services offered by AWS. If you are new to AWS, please see this link

Safeguarding Ourselves From Cyber-attacks: Best Practices

In these days of increased cyber-attacks, being aware of a single attack is not sufficient to keep ourselves safe against them. Attackers are now incorporating a combination of several attack techniques to accomplish their objective. For example, phishing, credit card data theft, and malware are combined to implement an attack these days.

Still Confused What Bitcoin Is? Read This!

Money is the only parameter to fathom the richness of an individual in the present world, and it is considered legal if recognized by the central bank. Money is ‘a well-recognized paper’ signed by the authorized representative of the central bank and thus considered legal tender. Until recently, money was recognized as the value on a piece of paper. However, in 2009 Satoshi Nakamoto introduced a set of programs which, when run on a computer (a process called mining), produced money protected by cryptography. Hence the name cryptocurrency was given to this program-earned currency, named Bitcoin. It is pertinent to mention that although the currency is not recognized by the central bank and cannot be exchanged for any commodity, it has posed a serious threat to central banks across the globe, as it could move across borders without the control of the government.