security

22 December 2014 at 12:07pm

The steady growth in the use of encrypted communications seems likely to increase next year given recent announcements on both web browsers and servers. That's good news for security people worried that their users may be sending sensitive information such as passwords and credit card numbers over the Internet.

18 December 2014 at 9:11am

Protecting Information in 2015

Andrew Cormack

Data Protection Directive

Data Protection Regulation

Privacy

security

Although it's now almost three years since the European Commission published their proposed General Data Protection Regulation, it seems unlikely that a final text will be agreed even in 2015. That means we'll be stuck for at least another year with the 1995 Directive, whose inability to deal with the world of 2015 is becoming increasingly apparent.

29 August 2014 at 11:50am

How Many Passwords?

A recent discussion got me thinking about what might be the right number of passwords. There are plenty of references that still say you should have a different password for every service, and breaches such as Adobe’s last year show why. If you use the same password on two different websites and one of those gets compromised, either by phishing or loss and cracking of a password file, then both accounts are put at risk.

26 June 2014 at 10:10am

Simple ways to improve your DNS resilience and security: #4 Open DNS Resolvers

Time to move from the mechanics and policy of DNS replication to a new topic. Within the global DNS there are two roles that a server can play: ones that hold data - nameservers, and ones that fetch that data for clients - resolvers. Nameservers need to provide their data to the entire Internet whereas resolvers serve a small set of client systems.

24 June 2014 at 1:53pm

Simple ways to improve your DNS resilience and security: #2 Zone Transfers

Having designed a redundant DNS infrastructure, one of the most common mistakes is failing to ensure that secondary nameservers can successfully replicate data for the domains it is hosting. The most common way this is done on the Internet is though zone transfers - the AXFR command. This command causes a DNS server to reply with all the data it knows for a domain.

24 June 2014 at 1:52pm

Simple ways to improve your DNS resilience and security: #1 Redundancy

When providing DNS nameserver services a degree of redundancy is needed. In most cases the DNS records for a particular domain will be hosted by at least two nameservers, but is that enough by itself? When building a resilient system the risks involved with the failure modes of the system need to be considered and weighed up against the associated costs and overheads. As a common example - does having both DNS servers on the same local network segment provide you with protection against network failure? Probably not.

Managing IT Security

Sammy Ashby

8 April 2014 at 9:38am

The security of computer, data and networks is now a matter of importance to everyone who uses them. Computers connected to a network, whether local or wide area, are exposed to many threats against their effective operation and the safety and privacy of the data they hold. Topics Covered

Hands on Security Testing (Live Online Course)

Sammy Ashby

8 April 2014 at 9:20am

The 'Hands on Security Testing' live online learning course covers the basics of Security Testing, from port scanning using the freely available nmap tool, through to vulnerability exploitation using the metasploit tool. This course takes place over six sessions and involves some assignments.

4 April 2014 at 2:32pm