-
What is Zero Trust?
Zero Trust: The Castle & Moat construct (which assumes that all security threats come from outside an organization) is outdated & problematic. Shift in attitude from trusted to untrusted. Trust is a vulnerability. Workers (users) are our weakest link. No trust-by-default… Instead, why don’t we inherently distrust everything? The user today needs a variety of access methods to a multitude of systems (while simultaneously NOT trusting them). The ‘Zero Trust’ model allows workers to perform their roles & responsibilities in a much more secure, much less trusted environment. The framework was conceptualized by Forrester Research in 2010. Not “Trust, but verify” but rather “Verify, then trust…but only a little.” No person is…
-
CompTIA Security Plus + Full Course [VIDEO]
Security+ Full Course video from YouTube. Topics discussed: Introduction to Network Devices (part 1) (0:00); Introduction to Network Devices (part 2) (8:06); Introduction to Network Devices (part 3) (15:50); Secure Network Administration Concepts (34:00); Cloud Concepts (41:00); Secure Network Design Elements and Components (48:00); Common Network Protocols (part 1) (55:20); Common Network Protocols (part 2) (1:01:00); Common Network Protocols (part 3) (1:08:00); Wireless Security Considerations (1:13:54); Risk Related Concepts (part 1) (1:23:12); Risk Related Concepts (part 2) (1:29:43); Risk Related Concepts (part 3) (1:36:08); Integrating Data and Systems with Third Parties (21:50); Risk Mitigation Strategies (1:41:27); Basic Forensic Procedures (1:46:17); Incident Response Concepts (1:54:15); Security Related Awareness and Training…
-
Virtual Machines (VMs) Are Being Used to Hide Ransomware Activity
As society continues to embrace all things cloud and move more toward virtualization, this field becomes a ripe target for malicious actors (bad people). We are now seeing the use of VMs to implement and hide malicious activity including ransomware. The tactic involves hiding the ransomware payload in a virtual machine on infected hosts. The use of a VM is to provide stealth and help avoid detection for as long as possible. Hosting encryption software within a self-started VM means that typical anti-virus software will not detect it! And when the VM is closed down, it removes a significant amount of possible forensic evidence with it! That’s not good. Some…
-
What is a Ragnar Locker Ransomware Attack?
Ragnar Locker is ransomware that affects devices running Microsoft Windows operating systems. The Ragnar Locker method was first observed in December 2019 as part of a series of attacks against compromised networks. Biblio: Ragnar locker malware: what it is, how it works and how to prevent it – Infosec Institute
-
Post-Quantum Cryptography: The Race Is On
Quantum computers and quantum cryptography have become hot industry buzzwords that are popping up more in the press. With that, the question becomes what happens to the security of our data covered by today’s pre-quantum cryptography technology? This Forbes article helps highlight solutions on the way in the race to post-quantum cryptography: The good news is that solutions are on the way. Recognizing the urgency of the task and the time needed to formulate, choose, standardize and deploy new systems, the U.S. National Institute of Standards and Technology (NIST) launched a Post-Quantum Cryptography (PQC) standardization process in 2016. In July 2020, NIST announced seven third-round candidates, covering both public-key encryption (PKE) and digital…
-
Current Events Breakdown: To unlock a terrorist’s iPhone, the FBI turned to an obscure company in Australia; a technique called an “Exploit Chain” was used.
So there’s quite a juicy, drama-filled story in the Washington Post that could be a Hollywood plot line about Apple, the FBI, a terrorist’s iPhone, and HACKERS!!! Azimuth Security, a publicity-shy company that says it sells its cyber wares only to democratic governments, secretly crafted the solution the FBI used to gain access to the device, according to several people familiar with the matter. The iPhone was used by one of two shooters whose December 2015 attack left more than a dozen people dead. So, yeah, Azimuth is a hacking firm for the better good, you can say. Azimuth is a poster child for “white hat” hacking, experts say, which…
-
‘Welcome To The Edge!!!’–What Is Edge Computing???
[Note: This is an evolving, continuously updating post for my research purposes to learn more about SASE, or Secure Access Service Edge. First, I’m laying the groundwork for what ‘edge computing’ is.] Edge Computing: The term ‘edge’ is all the rage these days. From an infrastructure-centric point of view, “Edge computing is at its essence cloud principles applied at the network edge close to the user” [3]. It can include: virtualization (compute virtualization, storage virtualization, networking virtualization); resources on demand; an API-driven approach; automated LCM (life-cycle management); use of commodity hardware [3]. These are some of the powerful core cloud principles that make the network edge highly flexible and programmable.…