If you are interested in IT security, now is a good time to consider a career move. According to the 2011 Information Security and Data Privacy Staffing Survey, which polled 190 organizations in 34 countries, IT security staffing budgets are expected to rise 14% next year. That is good news for those involved in IT security and individuals in the InfoSec field. This increase in funding could not come at a better time.
While many security professionals have used the Metasploit Framework, there is another exploit framework that you should review. It is known as BeEF. BeEF is a powerful exploit framework that is focused on leveraging browser vulnerabilities to assess the security posture of a target. Where many penetration testers use proxies such as Burp and Paros, BeEF takes this a step further by directly targeting the browser.
For the Internet to make use of the advantages of IPv6 over IPv4, most hosts will eventually need to deploy this protocol. While many individuals are looking forward to the full deployment of IPv6, the transition to IPv6 doesn’t mean the networking world will somehow be totally secure. This was made clear when Arbor Networks recently reported the first IPv6 DDoS attacks against their networks. This is a clear paradigm shift, since just a few years ago there were hardly more than a few thousand IPv6 systems connected to the Internet. That has changed, and as more and more users transition to IPv6, so will the threat of new network attacks grow.
If you’re like me, you may have just gone through the process of making New Year’s resolutions. One of my annual processes is to think about the security certifications I want to complete this year. The only problem is that as the year goes by, sometimes my plans get forgotten. To remedy this problem, I came up with a list of tips that I use and that will hopefully be useful to you in keeping your certification plans on track.
One of the debates that often comes up is who is the bigger threat to IT security: insiders or outsiders. While both can cause real damage to a company’s assets, insiders have a key advantage. Here is one way to consider that advantage. To launch an attack, what’s needed is means, motive, and opportunity. While outsiders may have a motive, insiders have the means and opportunity to launch an attack. This places them in a much better position to carry out malicious activities.
Have you ever considered how some people may consider security awareness training to be like exercising? Some employees may feel the need to do it because they have to, while others simply do it because it’s the right thing to do. While many companies perform security awareness training, not all do so in a way designed to reap maximum benefits.
If you’re like most people, your inbox contains some amount of spam, which continues to be a problem and shows no sign of going away. One current spam campaign is targeted at Apple users. Email is spoofed to appear to be from Apple and prompts users to verify their billing information. This email, like many, contains the look and feel of a real email message complete with the Apple logo, official-looking text, and text which might fool some unlucky recipients. Hopefully, your spam filters catch most of these emails, but if not, there are some things you can look for to help determine if the email is real or fake.




