Hacking refers to activities that seek to compromise digital devices, such as computers, smartphones, tablets, and even entire networks. In other words, hacking is identifying weakness in computer systems or networks to exploit its weaknesses to gain access. Businesses need to protect themselves against such attacks. Hacking is typically technical but hackers can also use [...]
It is essential for all organizations to protect their networks. With hackers increasing and becoming smarter day by day, the need to utilize network security tool becomes more and more impotent. Network security is any activity designed to protect the usability and integrity of network and data. In fact, network security is a term used [...]
All organizations are need to keep their apps and devices secure. These apps/ devices must be compliant with the security baselines defined by the organization. A security configuration checklist (lockdown or hardening guide or benchmark) is form a series of instructions for configuring a product to a particular security baseline. IT security checklists are helpful to [...]
The National Institute of Standards and Technology (NIST) is a non-regulatory agency of the United States Department of Commerce. This Institute develops technology, metrics, and standards to drive innovation and economic competitiveness at U.S.-based organizations in the science and technology industry. For example, one of NIST’s roles is to develop guidelines on how companies can [...]
Recent our posts were about NIST SP 800-137 and NIST SP 800-53A. In this post, we are going to review NIST SP 800-145. The title of this article is: Evaluation of Cloud Computing Services. This publication published in 2010. The PDF file of this publication consists of 32 pages and 7 chapters. These chapters are: Chapter [...]
Data loss refers to an event in which important data is lost to the enterprise, such as in a ransomware attack. Data loss prevention (DLP) focuses on preventing illicit transfer of data outside organizational boundaries. Data loss prevention is a set of tools and processes used to ensure that sensitive data is not lost, misused, [...]
A penetration test (pen test or pentest and or ethical hacking) is a simulated cyber-attack against a computer system to check for exploitable vulnerabilities. You should not be confused it with a vulnerability assessment. Source: en.wikipedia.org In fact, this test simulates a real-world attack to determine how any defenses will fare and the possible magnitude [...]
We have already published posts about firewalls and also hardware firewalls. In this post, we'll take a look at pfsense firewalls to help you understand the different aspects of pfsense firewalls. pfSense is an open source firewall/router computer software distribution based on FreeBSD. This firewall developed by Rubicon Communications, LLC (Netgate). It is installed on [...]
Intrusion detection is the process of monitoring the events occurring in network and analyzing them for signs of possible incidents, violations, or imminent threats to security policies. These security measures are available as intrusion detection systems (IDS) and intrusion prevention systems (IPS). At result, IDS and IPS are both parts of the network infrastructure. IDS and [...]