A honeypot is a trap that an IT security professionals lays for a malicious hacker. A honeypot is a decoy computer system for trapping hackers or tracking unconventional or new hacking methods. It's a sacrificial computer system that’s intended to attract cyberattacks, like a decoy. The goal is to deceive and attract a hacker who [...]
It is essential for all organizations to protect their networks. With hackers increasing and becoming smarter day by day, the need to utilize network security tool becomes more and more impotent. Network security is any activity designed to protect the usability and integrity of network and data. In fact, network security is a term used [...]
A brute force attack (exhaustive search) is a cryptographic hack that relies on guessing possible combinations of a targeted password until the correct password is discovered. This attack uses trial-and-error to guess login info, encryption keys, or find a hidden web page. Brute force attacks don’t employ an intellectual strategy. These attacks simply try using [...]
All organizations are need to keep their apps and devices secure. These apps/ devices must be compliant with the security baselines defined by the organization. A security configuration checklist (lockdown or hardening guide or benchmark) is form a series of instructions for configuring a product to a particular security baseline. IT security checklists are helpful to [...]
Internet Protocol Security (IPsec) is a secure network protocol suite that authenticates and encrypts the packets of data to provide secure encrypted communication between two computers/networks. IPsec is usually used to set up VPNs, and it works by encrypting IP packets, along with authenticating the source where the packets come from. Read more about encryption [...]
We have already mentioned hashing in some posts, for example, in this post. We want to talk more about hashing now. Hashing data is a common practice in computer science and is used for several different purposes. Hashing is the practice of taking a string or input key, a variable created for storing narrative data, [...]
The National Institute of Standards and Technology (NIST) is a non-regulatory agency of the United States Department of Commerce. This Institute develops technology, metrics, and standards to drive innovation and economic competitiveness at U.S.-based organizations in the science and technology industry. For example, one of NIST’s roles is to develop guidelines on how companies can [...]
Recent our posts were about NIST SP 800-137 and NIST SP 800-53A. In this post, we are going to review NIST SP 800-145. The title of this article is: Evaluation of Cloud Computing Services. This publication published in 2010. The PDF file of this publication consists of 32 pages and 7 chapters. These chapters are: Chapter [...]
Our previous post was about NIST SP 800-137. In this post, we are going to review NIST SP 800-53A. NIST SP 800-53 is shorthand for the National Institute of Standards and Technology Special Publication 800-53, Security and Privacy Controls for Federal Information Systems and Organization. NIST SP 800-53 is a set of standards and guidelines [...]