SSH is a powerful access protocol that was developed some 20 years ago by Tatu Ylonen of Finland. The protocol’s primary function is to provide trusted access and encrypt communication in transit to prevent man-in-the-middle attacks. Once a connection is established, SSH effectively creates an encrypted tunnel to facilitate secure communication between two points. Since it’s development, …
Permanent link to this article: https://demystifyit.com/what-you-dont-know-about-ssh-can-hurt-you/
Permanent link to this article: https://demystifyit.com/beware-the-invisible-man-using-ssh/
Yahoo has been making a lot of news lately and not for good reason. Marisa Myers failed attempt to turn the company around which resulted in the sale of the company to Verizon for 4.8 Billion has been placed in jeopardy due to its inability to protect and secure its users data. In September of …
Permanent link to this article: https://demystifyit.com/a-theory-on-the-1-billion-account-hack-and-what-you-should-do-to-avoid-being-yahood/
I recently met with a customer that is using username and password instead of keys to control SSH access. For the past several months I’ve been so engrossed with solving SSH key management issues that I was somewhat taken aback by the approach. Upon further discussions with some experts on the subject, I’ve come to …
Permanent link to this article: https://demystifyit.com/may-the-brute-force-not-be-with-you/
In late February, California’s attorney general Kamala Harris released a breach report that you can find here. The report requires companies conducting business in the state of California to use “reasonable security procedures and practices…to protect personal information from unauthorized, access, destruction, use, modification, or disclosure.” Essentially, the reasonable security protocol’s she’s referring to …
Permanent link to this article: https://demystifyit.com/426-2/
There are inherent limitations to relying upon traditional Security Information & Event Management Systems or SIEMS, which are often overlooked that every organization must be made aware of. These limitations are: 1) SIEM’s fixed focal point and 2) Dependencies upon structured data sources Maintaining a fixed focal point (or monitoring just a subset of data) …
Permanent link to this article: https://demystifyit.com/the-inherent-risk-of-a-fixed-focal-point-security-posture/
CNET