-
What is Multi-Factor Authentication and Why is It Necessary?
Many people have heard the basics of account protection: Get a password manager for your online accounts, make your passwords complex and never reuse them. But what about Multi-Factor Authentication? What is Multi-Factory authentication, what’s so special about it, and why is it needed? Multi-Factor Authentication (MFA), also sometimes known as Two-Factor Authentication (2FA), adds another layer of security to the sign-in process giving accounts further protection against unauthorized access. MFA requires multiple (two or more elements) to be used in order to grant full authentication. Multifactor authentication consists of 3 major things: Something you know: This can be a password, or the answer to a security question that cannot…
-
WSJ–“Companies Urged to Adjust Hiring Requirements for Cyber Jobs”…
News of the current shortage of cybersecurity professionals and the demand needed in the coming years to fill roles is seemingly ubiquitous these days. There’s an interesting article in the WSJ on the correlation between the shortage of cybersecurity capable applicants available and the job requirements being posted by hiring companies & HR departments. Despite holding a doctorate in computer science and having extensive military, federal and private-sector experience, Mr. Cunningham said he is routinely approached by companies offering entry-level positions. Job postings on social-media websites for positions usually regarded as gateway roles are rife with such requirements. For instance, one post on recruiting site Glassdoor for a security operations…
-
Integrating Security Into Networking From The Ground Up…
This industry insight article from GCN discusses how moving forward, the convergence of security and networking will be needed to work together from an integrated perspective. As more of the workforce continues remote-work, the potential for attacks/threats/malicious actors increases and heightened security will continue to be of critical importance. Secure access service edge (SASE) and software-defined wide-area network (SD-WAN) technologies are designed to merge security and networking into a single, integrated solution that can rapidly and easily scale and adapt to expanding environments and requirements. These forward-leaning capabilities help agencies better plan for the future while ensuring security remains a top priority even amid ongoing changes. Traditional security solutions no…
-
Current Events Breakdown: To unlock a terrorist’s iPhone, the FBI turned to an obscure company in Australia; a technique called an “Exploit Chain” was used.
So there’s quite a juicy, drama-filled story in the Washington Post that could be a Hollywood plot line about Apple, the FBI, a terrorist’s iPhone, and HACKERS!!! Azimuth Security, a publicity-shy company that says it sells its cyber wares only to democratic governments, secretly crafted the solution the FBI used to gain access to the device, according to several people familiar with the matter. The iPhone was used by one of two shooters whose December 2015 attack left more than a dozen people dead. So, yeah Azimuth is a hacking firm for the better good you can say. Azimuth is a poster child for “white hat” hacking, experts say, which…
-
Cryptography & Cyber Security Course Notes
Crytopgraphy For Security course on You Tube. The triad of cybersecurity is: Confidentiality Integrity Availability Confidentiality refers to “the property that sensitive info is not disclosed to unauthorized individuals, entities, or processes”. —N.I.S.T. Intregrity is defined as the “guarding against improper info modification or destruction, and includes ensuring information non-repudiation & authenticity”. -NIST Availability is “ensuring timely and reliable access to and use of information”. -NIST Impact of Security Breaches: Effectiveness of primary operations are reduced. Financial loss Damage to assets Harm to individuals Threat: potential violation of security Attack: assault on system security derived from intelligent threat. Aspects of Security Security Attack—any action that attempts to compromise the security…
-
How to Get Into Cybersecurity with No Experience [Video]
I came across a great YouTube video titled, “How to Get Into Cybersecurity with No Experience” by Gerald “Gerry” Auger (Twitter, LinkedIn) of Simply Cyber. With Cybersecurity being in the headlines more and more, especially as companies and individuals grapple with the new Covid-economy, the demand for well-trained information security professionals continues to grow, exponentially. It is consistently listed in career/job outlook forecasts as one of the top sectors to watch in the coming years. So it comes as no surprise that the interest in this sector is growing and many are looking for ways to break into the field. Cybersecurity is especially interesting in that there seems to be…
-
Amazon’s “Sidewalk” Mesh Network Goes Live; All Devices Are Opted-In Automatically By Default
Amazon’s neighborhood mesh network dubbed “Sidewalk” has gone live. Via the New York Times: On June 8, Amazon is set to flip the switch on its new free service called Sidewalk, which will automatically be enabled on many of Amazon’s Echo smart speakers and smart displays, as well as some Ring devices (for more details, see the complete list of compatible devices). Once Sidewalk goes live, compatible devices such as speakers, light bulbs, locks, and sensors will be able to connect anonymously to other Sidewalk devices to borrow a little slice of internet connectivity. That should enable some interesting features down the line as more compatible devices appear. It’s also creating a fair amount of…
-
What Is a CSIRT vs. CERT vs. CIRT???
CSIRT—Computer Security Incident Response Team is a concrete organizational entity (i.e., one or more staff) that is assigned the responsibility for coordinating and supporting the response to a computer security event or incident. CERT—Computer Emergency Response (Readiness) Team CERT should not be generically used as an acronym because it’s a registered trademark in the United States Patent and Trademark Office, as well as other jurisdictions around the world. Alternative names fur such groups include computer emergency readiness team and computer security incident response team (CSIRT). The name “Computer Emergency Response Team” was fist used in 1988 at Carnegie Mellon University (CMU). CERT is registered as a trademark by Carnegie Mellon…
-
How Was Colonial Pipeline Hacked/Breached? Because of One Single Employee’s Compromised Password?
That’s all it takes, and usually what it comes down to. Passwords. As the founding contemporary lyrical wordsmith members of Wu-Tang would say, “Protect ya neck!“. Because without it, you’ll lose your head. Same with passwords! Protect ya passwords!!! All a malicious actor would need is a password to an account, and just like that (*finger snap!*), you’ve invited them in, like welcoming Count Dracula through your front door for Sunday dinner. So, Colonial, right…here’s the latest. After an analysis of the cyberattack on Colonial Pipeline, investigators suspect that hackers obtained the password from the dark web (think a marketplace for illicit activity) where such info is available for the…
-
‘Welcome To The Edge!!!’–What Is Edge Computing???
[Note: This is an evolving, continuously updating post for my research purposes to learn more about SASE, or Secure Access Service Edge. First, I’m laying the groundwork for what ‘edge computing’ is.] Edge Computing The term ‘edge’ is all the rage these days. From a infrastructure-centric point of view, “Edge computing is at it’s essence cloud principles applied at the network edge close to the user“[3]. It can include: Virtualization (Compute virtualization, Storage virtualization, Networking virtualization) Resources On Demand API Driven Approach Automated LCM Life-Cycle management Use of Commodity hardware [3] These are some of the powerful core cloud basic principles that make the network edge highly flexible and programmable.…