Category: Security

What you don’t know about SSH can hurt you.

SSH is a powerful access protocol that was developed some 20 years ago by Tatu Ylonen of Finland.  The protocol’s primary function is to provide trusted access and encrypt communication in transit to prevent man-in-the-middle attacks.  Once a connection is established, SSH effectively creates an encrypted tunnel to facilitate secure communication between two points.  Since it’s development, …

Continue reading

Permanent link to this article: https://demystifyit.com/what-you-dont-know-about-ssh-can-hurt-you/

Beware the Invisible Man Using SSH

Permanent link to this article: https://demystifyit.com/beware-the-invisible-man-using-ssh/

A theory on the 1 billion account hack – and what you should do to avoid being Yahoo’d

Yahoo has been making a lot of news lately and not for good reason. Marisa Myers failed attempt to turn the company around which resulted in the sale of the company to Verizon for 4.8 Billion has been placed in jeopardy due to its inability to protect and secure its users data. In September of …

Continue reading

Permanent link to this article: https://demystifyit.com/a-theory-on-the-1-billion-account-hack-and-what-you-should-do-to-avoid-being-yahood/

May the Brute Force NOT Be With You

I recently met with a customer that is using username and password instead of keys to control SSH access.  For the past several months I’ve been so engrossed with solving SSH key management issues that I was somewhat taken aback by the approach.  Upon further discussions with some experts on the subject, I’ve come to …

Continue reading

Permanent link to this article: https://demystifyit.com/may-the-brute-force-not-be-with-you/

This could be heaven, or this could be hell.

  In late February, California’s attorney general Kamala Harris released a breach report that you can find here.  The report requires companies conducting business in the state of California to use “reasonable security procedures and practices…to protect personal information from unauthorized, access, destruction, use, modification, or disclosure.” Essentially, the reasonable security protocol’s she’s referring to …

Continue reading

Permanent link to this article: https://demystifyit.com/426-2/

The inherent risk of a fixed focal point security posture

There are inherent limitations to relying upon traditional Security Information & Event Management Systems or SIEMS, which are often overlooked that every organization must be made aware of. These limitations are: 1) SIEM’s fixed focal point and 2) Dependencies upon structured data sources Maintaining a fixed focal point (or monitoring just a subset of data) …

Continue reading

Permanent link to this article: https://demystifyit.com/the-inherent-risk-of-a-fixed-focal-point-security-posture/