Why use Transport Layer Security (TLS) for email encryption?
Why use Transport Layer Security (TLS) for email encryption? Sending unencrypted messages increases the risk that messages can be intercepted or altered. TLS security technology is designed to protect confidentiality and data integrity by encrypting e-mail messages between servers and thereby reducing the risk of eavesdropping, interception, and alteration. TLS is also a widely recognized standard issued by the Internet Engineering Task Force (IETF) for securing transmitted data and is now supported on most commercial mail servers. For those who may be new to TLS but already familiar with SSL it may help to know that TLS is the successor to the Secure Sockets Layer (SSL) protocol. Who can use TLS? Financial institutions can benefit greatly from the use of TLS. In fact, the general consensus among many financial institutions is that there is … Read entire article »
Filed under: Featured, IT Security
Review: Core Impact Pro for Penetration Testing
Core Impact Pro is a very high end tool that can be used effectively as part of an overall risk management program. As a penetration tool, it can be a good complement to any existing vulnerability assessment. Core Impact Pro can be used to scan and exploit systems using multiple modules for information gathering, exploitation, local information gathering, privilege escalation, pivoting, clean-up and reporting. A tool this powerful could definitely make many IT or network administrator’s nervous since it attempts not only to find but also to exploit vulnerabilities. But in actuality this tool only deploys agents in the target’s memory that act like flags. If the a vulnerability is not actually exploitable then Core Impact will not be able to place the flag agent in the target’s memory. This obviously confirms … Read entire article »
Filed under: IT Security, Reviews
Expect more Botnet attacks like the one that downed Twitter
Why would I say that? I say that for several reasons but mostly for the simple fact that these botnet attacks are working. On August 6th, 2009 a botnet attack brought Twitter and Facebook to its knees. Before I mention a few more reasons on why we can expect to hear more about botnets let me give you a little background on botnets so that we’re all on the same page. First the glossary: Botnets - Botnets are zombie like programs that can infect a computer or network of computers. Zombie botnets can link together to form an army and can attack in droves even in the millions. Botnet Herder - The Botnet herder is the programmer or the group of programmers who writes the program but not always the one who controls the botnets since the botnet herder can sell … Read entire article »
Filed under: IT Security
Review: McAfee Vulnerability Manager
On one of my project assignments I had the opportunity to work with the McAfee Vulnerability Manager appliance (formerly Foundstone). It is a very powerful network vulnerability scanner. This appliance can do relatively quick discovery scans of network assets across the enterprise looking for possible threats that would be vulnerable to attack. It can also provide very detailed information if provided with proper credentials for the assets being scanned. This means that the system not only … Read entire article »
Filed under: Featured, IT Security, Reviews