Security
-
What is Zero Trust?
Zero Trust: The Castle & Moat construct (which assumes that all security threats come from outside an organization) is outdated & problematic. A shift in attitude from trusted to untrusted. Trust is a vulnerability. Workers (users) are our weakest link. No trust-by-default… Instead, why don’t we inherently distrust everything? The user today needs a variety of access methods to a multitude of systems (while simultaneously NOT trusting them). The ‘Zero Trust’ model allows workers to perform their roles & responsibilities in a much more secure, much less trusted environment. The framework was conceptualized by Forrester Research in 2010. Not “Trust, but verify”; rather, “Verify, then trust…but only a little.” No person is…
-
CompTIA Security Plus + Full Course [VIDEO]
Security+ Full Course video from YouTube. Topics discussed: Introduction to Network Devices (part 1) (0:00); Introduction to Network Devices (part 2) (8:06); Introduction to Network Devices (part 3) (15:50); Secure Network Administration Concepts (34:00); Cloud Concepts (41:00); Secure Network Design Elements and Components (48:00); Common Network Protocols (part 1) (55:20); Common Network Protocols (part 2) (1:01:00); Common Network Protocols (part 3) (1:08:00); Wireless Security Considerations (1:13:54); Risk Related Concepts (part 1) (1:23:12); Risk Related Concepts (part 2) (1:29:43); Risk Related Concepts (part 3) (1:36:08); Integrating Data and Systems w/ Third Parties (21:50); Risk Mitigation Strategies (1:41:27); Basic Forensic Procedures (1:46:17); Incident Response Concepts (1:54:15); Security Related Awareness and Training…
-
Virtual Machines (VMs) Are Being Used to Hide Ransomware Activity
As society continues to embrace all things cloud and move more toward virtualization, this field becomes a ripe target for malicious actors (bad people). We are now seeing the use of VMs to implement and hide malicious activity including ransomware. The tactic involves hiding the ransomware payload in a virtual machine on infected hosts. The use of a VM is to provide stealth and help avoid detection for as long as possible. Hosting encryption software within a self-started VM means that typical anti-virus software will not detect it! And when the VM is closed down, it removes a significant amount of possible forensic evidence with it! That’s not good. Some…
-
What is a Ragnar Locker Ransomware Attack?
Ragnar Locker is ransomware that affects devices running Microsoft Windows operating systems. The Ragnar Locker method was first observed in December 2019 as part of a series of attacks against compromised networks. Biblio: Ragnar locker malware: what it is, how it works and how to prevent it–Infosec Institute
-
What is “Vendor Neutral”?
What does it mean to be Vendor Neutral? To be Vendor Neutral, or Vendor Neutrality, seems like it should mean having no preference for or bias towards any particular vendor, or not favoring one vendor over another. Indeed, vendor neutral means a “product or specification that is not proprietary and controlled by one company. Open source software was conceived to avoid allegiance to a single vendor”[14]. The PC Mag encyclopedia goes on to note, “However, an ‘open system’ is not entirely vendor neutral as the foundation platform may be controlled by one company”.
-
Integrating Security Into Networking From The Ground Up…
This industry insight article from GCN discusses how, moving forward, security and networking will need to converge and work together from an integrated perspective. As more of the workforce continues to work remotely, the potential for attacks/threats/malicious actors increases and heightened security will continue to be of critical importance. Secure access service edge (SASE) and software-defined wide-area network (SD-WAN) technologies are designed to merge security and networking into a single, integrated solution that can rapidly and easily scale and adapt to expanding environments and requirements. These forward-leaning capabilities help agencies better plan for the future while ensuring security remains a top priority even amid ongoing changes. Traditional security solutions no…
-
‘Welcome To The Edge!!!’–What Is Edge Computing???
[Note: This is an evolving, continuously updating post for my research purposes to learn more about SASE, or Secure Access Service Edge. First, I’m laying the groundwork for what ‘edge computing’ is.] Edge Computing: The term ‘edge’ is all the rage these days. From an infrastructure-centric point of view, “Edge computing is at its essence cloud principles applied at the network edge close to the user”[3]. It can include: Virtualization (Compute virtualization, Storage virtualization, Networking virtualization); Resources On Demand; API Driven Approach; Automated LCM (Life-Cycle Management); Use of Commodity hardware [3]. These are some of the powerful core cloud basic principles that make the network edge highly flexible and programmable.…