Friday, March 4, 2011

Week 12 CIS608 - Blog Summary

As I look back over my twelve weeks of blog postings, I did blog on a variety of issues, but a consistent theme I see is around security issues important to me.  The two themes that I see are those related to identity theft and the security of new gadgets.
 
Identity theft is a concern of mine.  My sister has gone through it, having credit card checks stolen from her mailbox, so I am very aware of the impact that it has on your credit and the work it takes to restore it.

The other area that I have an interest in is the security around iPhone and iPad applications and their business use.  My husband dragged me into the world of gadgets a year or so ago with my iPhone and I must admit, I have never looked back.  My iPhone has become a necessity for me to stay in contact with work as well as socially.  I recently purchased an iPad for my husband and we are constantly finding different ways to use it and seeing it used for all kinds of business reasons daily.

I must admit, the blog was good for me in that I did pay attention to the current issues in technology.  I learned a lot and do think that following the blog of someone whose style you like would be beneficial and a learning experience.

Sunday, February 27, 2011

Week 11 CIS608 - Securing iPads for Business

If you do not own an iPad, most likely you will soon.  The iPad is becoming one of the most widely used tech gadgets for work and play.  Many businesses are starting to use them for everything from taking orders in a restaurant to recording the medical statistics of your doctor's visit.

The concern around the use of the iPad in the IT industry is the difficulty and expense of securing the device.  Citrix has been the favored method of securing iPad access, but it is extremely expensive and difficult to implement.  Apple has considered this problem and created FileMaker, a wholly owned subsidiary of Apple and a database company.

FileMaker provides an interface into SQL databases against which you can quickly and cheaply design PC interfaces.   FileMaker Go is the product designed to provide a secure interface for the iPad to an SQL database.

The iPad does not archive or store any of the data viewed from the database, so the device itself does not need to meet security requirements.

The size and ease of use are huge benefits of the iPad, and now its security is no longer in question.

http://www.darkreading.com/blog/229219372/filemaker-for-securing-ipads-at-work.html

Saturday, February 19, 2011

Week 10 CIS608 - Dual Authentication

The article "Google Introduces Two-Factor Authentication Option" caught my eye in relation to the topics covered in this week's CIS608 class.  Google has announced the ability to use two-factor authentication when logging into Gmail using a smart phone.

The system will take the user around 15 minutes to enroll, but the additional authentication will be present going forward with an extra page being displayed that prompts you for a code when you sign in to your account.  "After entering your password, Google will call you with the code, send you an SMS message, or give you the choice to generate the code for yourself using a mobile application on your Android, BlackBerry or iPhone device."

By using this system, a hacker will need both the user's password and the user's phone to access the account.  With the prevalence of the use of smart phones today to access email, this is an additional security feature that many will find beneficial and the extension to other email systems is no doubt in the near future.

http://www.darkreading.com/authentication/167901072/security/client-security/229218478/google-introduces-two-factor-authentication-option.html
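
The sign-in flow described in the Week 10 post above, as an added example that is not from the original post or from Google: the server accepts a login only when both the password and a phone-generated code check out. The page does not name the algorithm behind the mobile application's codes; this sketch assumes the standard time-based one-time password scheme (RFC 6238), and `TwoStepAccount` and its fields are hypothetical names.

```python
import hashlib
import hmac
import os
import struct


def totp(secret, unix_time, step=30, digits=6):
    """RFC 6238 code for the 30-second window containing unix_time."""
    counter = int(unix_time) // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class TwoStepAccount:
    """Hypothetical account record: a password verifier plus a phone secret."""

    def __init__(self, password, secret):
        self.salt = os.urandom(16)
        self.pw_hash = self._hash(password)
        self.secret = secret      # shared with the phone app at enrollment
        self.last_counter = -1    # highest time window already accepted

    def _hash(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def sign_in(self, password, code, now, step=30):
        # Factor 1: something the user knows.
        if not hmac.compare_digest(self._hash(password), self.pw_hash):
            return False
        # Factor 2: something the user has. Allow one window of clock drift,
        # and never accept a window at or before one already used (replay).
        current = int(now) // step
        for counter in (current - 1, current, current + 1):
            if counter <= self.last_counter:
                continue
            if hmac.compare_digest(totp(self.secret, counter * step), code):
                self.last_counter = counter
                return True
        return False
```

A stolen password alone fails at the second check, and a code observed in transit cannot be reused once its time window has been accepted.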

Sunday, February 13, 2011

Week 9 CIS608 - Identity Theft on the Decline?

Is identity theft on the decline?  Actually, the simple card theft which leads to identity theft is on the decline.  The bad news is that a more sophisticated identity theft of opening loans and accounts is on the rise.

Overall identity fraud did decrease, but the costs associated increased 63 percent last year, from $387 in 2009 to $631 per incident in 2010.

Another trend on the increase is friendly fraud, in which the perpetrator is a roommate, friend or family member who knew the victim.

Another trend to note was that people who received a letter concerning a data breach were six to seven times more likely to be victims.  This goes to show that even though the organization involved in the data breach has taken action to prevent the action in the future, individuals whose personal information was stolen also need to take measures to ensure their data is safe in the future.

Identity theft is not to be taken lightly.  With the trends discussed above, the costs to reclaim your identity are on the rise, making it more than ever a time to be diligent about the information you disclose.

Saturday, February 5, 2011

Week 8 CIS608 - Attack Aware

Attack aware applications?  Is this possible?  Mozilla seems to think so.  Another layer has been added to security for Mozilla's web applications.  The applications are able to identify abnormal user actions.  The applications recognize user errors, such as typos, and are also able to identify deliberate attacks against the application and provide a warning mechanism.  The goal is to detect a malicious user probing for application weaknesses and disable their ability to cause damage to the system.

The application would use a blacklist approach to detect a possible attack such as a malicious user inserting rogue values in the password-reset token URL.   A normal user would not accidentally modify the URL to include a SQL injection attack.

The security would only be for the Mozilla applications.  This new security mechanism does not replace any existing security, but just adds an additional layer.  The layered approach to security is very beneficial and the approach to specifically make applications attack aware creates a whole new level of security to ensure the end user remains secure.

http://www.darkreading.com/security-monitoring/167901086/security/application-security/229201102/mozilla-working-on-making-its-applications-attack-aware.html
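
A sketch of the attack-aware check described in the Week 8 post above, added here as an illustration and not Mozilla's code: it separates a mistyped or truncated password-reset token from one carrying injection syntax, and cuts off a client after repeated attack signals. The blacklist patterns, threshold, `ResetTokenMonitor` name and the sample requests are all assumptions constructed for the example.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Blacklist (assumed): syntax that no typo or copy/paste slip would produce.
ATTACK_RE = re.compile(
    r"""['"<>;]|--|/\*|\b(?:union|select|or|and|sleep)\b""", re.IGNORECASE)
BLOCK_THRESHOLD = 2  # assumed: attack signals allowed before cut-off


class ResetTokenMonitor:
    def __init__(self, issued_tokens):
        self.issued = set(issued_tokens)
        self.signals = defaultdict(int)   # client -> attack signals seen
        self.blocked = set()

    def classify(self, token):
        if token in self.issued:
            return "valid"
        if ATTACK_RE.search(token):
            return "attack"          # deliberate tampering
        return "user_error"          # typo, truncated link, expired token

    def handle(self, client, url):
        if client in self.blocked:
            return "blocked"
        # parse_qs percent-decodes, so encoded payloads are inspected too.
        params = parse_qs(urlsplit(url).query, keep_blank_values=True)
        token = params.get("token", [""])[0]
        verdict = self.classify(token)
        if verdict == "attack":
            self.signals[client] += 1
            if self.signals[client] >= BLOCK_THRESHOLD:
                self.blocked.add(client)
        return verdict


# Constructed sample requests (documentation IP ranges, made-up token).
GOOD = "9f2c4e7a1b3d5f60718293a4b5c6d7e8"
SAMPLE = [
    ("192.0.2.10", "/reset?token=" + GOOD),
    ("192.0.2.10", "/reset?token=" + GOOD[:-1]),             # truncated link
    ("198.51.100.7", "/reset?token=x%27%20OR%20%271%27%3D%271"),
    ("198.51.100.7", "/reset?token=1%20UNION%20SELECT%20NULL--"),
    ("198.51.100.7", "/reset?token=" + GOOD),                # now cut off
]


def replay(events):
    monitor = ResetTokenMonitor([GOOD])
    return [monitor.handle(client, url) for client, url in events]
```

The truncated link is treated as an ordinary user error and never counts toward the block threshold, which is the distinction the post draws between typos and deliberate probing.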

Sunday, January 30, 2011

Week 7 CIS608 - Password Sharing

Password sharing is often common practice where there is constant turnover in the workforce, so one generic account is created.  As the executives at Vodafone, an Australian-based cell phone provider, have found out, this is not a practice to follow, especially when sensitive customer data can be accessed through this account.

A journalist shared the news with the Vodafone executive management of her ability to access their most sensitive data, with legitimate credentials.  Vodafone has since taken action to remove employees and update security, but they are not able to quantify the amount of data that was breached or could have been breached.  They are looking into legal action as well toward the former employees.

When sensitive data is available, security has to be enforced.  The sharing of passwords may be taken lightly, but as more and more companies are finding out, there are legal ramifications to the practice.

http://www.darkreading.com/authentication/167901072/security/security-management/229100384/a-glaring-lesson-in-shared-passwords.html

Sunday, January 23, 2011

Week 6 CIS608 - Food and Beverage Industry Top 2010 Data Breaches

Throughout the information security classes that I have taken, the trends for the industry or category in which data breaches occur have been studied.  The article, "Report: Food And Beverage Industry Hit Most By Breaches In 2010" was the topic this week which caught my attention.  The food and beverage industry has seen a growing trend with data breaches, but it appears that 2010 is the year that this industry was hit the hardest.

It is interesting that the data breaches appear to have been the work of a single organized crime group out of the Russian Federation.  The crime group used malware which was continuously tweaked for the attacks.  The group targeted a business such as a coffee shop and then searched out other businesses using the same operating systems to continue their attacks.

The majority of breaches were due to insecure code or poor security in managing third-party applications and involved data stolen in transit, rather than stored data.

It is interesting to see that an industry that seems to be more on the small change side has become a target.

http://www.darkreading.com/database-security/167901020/security/attacks-breaches/229000957/report-food-and-beverage-industry-hit-most-by-breaches-in-2010.html