Posts categorized “security”
This post explores packet sniffers, which are a useful tool and a potential threat. It provides detailed information about packet sniffers, software used as packet sniffers, how sniffers work, types of sniffing, protocols vulnerable to sniffing, Wireshark® filters, threats of Address Resolution Protocol (ARP) poisoning, span port, and how to defend against packet sniffing.
This article provides initial steps for deploying Palo Alto Firewall on AWS, but the configuration of advanced features in AWS is beyond the scope of this article.
Organizations face a major challenge securing sensitive data like social security numbers, bank account and routing numbers, and other similar data.
This blog covers the essentials of how to use the advanced security option to secure sensitive data within an Oracle® database by using Transparent Data Encryption (TDE). This feature enables you to encrypt database columns and manage encryption keys.
This blog explains how to recover the enable password and the enable secret password of the Cisco® Adaptive Security Appliance (ASA) and Cisco router. These passwords protect access to privileged execution and configuration modes. You can recover the enable password, but the enable secret password is stored encrypted and must be replaced with a new one. You can also recover the Fortinet® Fortigate super admin password.
AWS Security Hub was announced in Andy Jassy's re:Invent 2018 Keynote (46:23) and pitched as "a place to centrally manage security and compliance across your whole AWS environment (applause)". He then went on to announce an array of partners who were part of the initial integration effort (muted applause). While this announcement enjoyed just 3 minutes on centre stage, it is a significant development.
Beginning with SAP® version 4.0, you can use the Security Audit Log feature to record security-related system information, such as changes to user master records or unsuccessful logon attempts. This log is designed for auditors who need detailed information about what occurs in an SAP system. By activating the audit log, you keep a record of all of the activities that you consider relevant for an audit. You can then access this information in the form of an audit analysis report. This blog helps you activate your SAP Security Audit Log.
Getting started with MongoDB® is easy. However, you can run into hiccups with the new features it introduces on an ongoing basis. One such area of concern is security, which is the focus of this blog.
I decided to run an SSH honeypot on my Cloud Server on the Internet. While this has been done many times by others, I wanted to see what would happen and share my results.
Our customers require us to develop software that is trustworthy and secure. Privacy also demands attention. To ignore the privacy concerns of users is to invite blocked deployments, litigation, negative media coverage, and mistrust. The Quality Engineering (QE) Security team’s goal is to minimize security- and privacy-related defects in design, code, documentation, and to detect and eliminate these defects as early as possible in the software development life cycle (SDLC). Developers who most effectively address security threats and protect privacy earn users’ loyalties and distinguish themselves from their competitors.
In Rackspace's VMware Practice Area, we value the quality of our products very much, and we believe that quality is a team effort. The Quality Engineering (QE) team works with the Development team, Project Management team, Product Engineering team and DevOps team to improve the quality of developed products. Our quality standard has three key pillars: functionality, performance, and security. Our goal is to identify and fix defects as early as possible so that we can deliver secure functional products that perform well for our customers.
This blog explores Cisco® FirePOWER® technology and next-generation firewalls (NGFW). NGFWs are composed of Adaptive Security Appliances (ASA) and a software module that takes care of the main functions like application control, intrusion protection, anti-malware protection, and URL filtering.
The GNU Privacy Guard (GPG) is a complete and free implementation of the OpenPGP standard as defined by RFC4880, the open standard behind PGP (Pretty Good Privacy). GPG, also known as GnuPG, is a command line tool with features for easy integration with other applications.
Most companies that exchange sensitive data, such as payment details, employee information, and so on, over the internet use PGP encryption to transfer files securely between two systems. This blog introduces GPG, explains why you should use file encryption, and walks through the steps involved in both file encryption and decryption.
As part of our user security awareness training, we perform tests of our personnel in the work environment. One training exercise involved testing for unattended computers by inserting a USB device that would display a ransomware screen.
The Threat and Vulnerability Analysis team at Rackspace is charged with providing internal vulnerability scanning, penetration testing, and red/purple teaming capabilities to reduce cyber-based threats, risk, and exposure for the company. One of our tasks, as part of meeting certain compliance objectives, is to ensure systems are not exposed from various networking "perspectives" without going through a bastion first.
A common technical challenge for developers, operations, and IT security is the management of service account credentials used by applications. Service accounts are needed to authorize different components to communicate and share data. This is true whether the application runs in the cloud or on-premises. The problem is that these credentials have the following issues:
- They are set up one time.
- They never expire.
- They are hard-coded into configuration files.
I want to share some design thoughts on how to make changing credentials easier.
A few months back, I decided to find a way to lighten the load of ad-hoc vulnerability scanning requests by our system owners. Our most frequent requests used to go something like this: "Can you scan this"..."Ok I fixed it, scan again."
Given the prevalence of Slack and associated bots, I thought it would be a good idea to try to write my own for scanning. Enter the InsightVM Slack Bot!
There are many ways to approach the broad topic of "security automation". After repeatedly trying new approaches, evaluating them against my assumptions and goals, and modifying them as I learn new things, I've come up with a number of helpful insights. I hope you find them useful in thinking about your own security automation goals.
One of the many benefits of using and working with Python is its ability to introspect itself. This empowers us to write and use tools to analyze the projects we use and write. Tools written in Python can use the built-in module to parse and analyze other Python code into an "Abstract Syntax Tree". Perhaps you've heard of Flake8, PyFlakes, PyLint, Radon, or another tool that provides style checking, lint discovery, or complexity computation? They all use the AST to provide that functionality. There's also a tool called Bandit that uses the AST to provide static security analysis of Python
TLS and SSL are two critical technologies which underlie much of the secure communication that occurs on the internet. Over the past few years, spurred by increasingly effective attacks and a desire for new functionality, SSL and TLS have seen many new features, as well as practical improvements.
Python is currently in a transitional period between Python 2 and Python 3. For the past few years, all new feature development has been happening on Python 3, including new features in Python's ssl module. This means that Python 3 users have had access to these improvements to TLS, but Python 2 users (still the majority of Python users) have been falling behind.
In the last several years and with the advent of social coding sites like GitHub, there has been an increasing openness in code sharing. This is great on so many levels as it promotes the open source model, and in general is a nice thing.
One security side effect has been the accidental disclosure of sensitive information in code that is shared publicly. This problem existed before, with things like database or SMTP passwords in configuration files, but in the world of cloud services and API keys its severity increases.
Whereas database servers were generally well protected, so that even accidentally revealing the password was not the worst thing that could happen, exposing API keys in public repositories has serious consequences. You have given someone the keys to your whole cloud kingdom. With these keys one can spin up servers, view your data, upload illegal data, and the list goes on. Hackers are most likely searching these repositories for exactly this kind of information.
We recently had a good debate in the Rackspace tech community on this topic, and this post tries to present some best practices, as well as some ways to clean up should it happen.