Ioannis S. Haviaras wrote a new post on the site ITACS 5211: Introduction to Ethical Hacking 8 years ago
The NHTSA (National Highway Traffic Safety Administration) has recommended that a set of guidelines titled “Cybersecurity Best Practices for Modern Vehicles” be followed by every automaker. Even though it is not […]
-
Ioannis S. Haviaras wrote a new post on the site ITACS 5211: Introduction to Ethical Hacking 8 years ago
Nessus Assignment Paper
Nessus Assignment PowerPoint
-
Ioannis S. Haviaras wrote a new post on the site ITACS 5211: Introduction to Ethical Hacking 8 years ago
The DDoS attack on 10/21/16 that took down Dyn wreaked havoc throughout the internet. Many websites like Spotify, Twitter, Paypal and many other sites were down for a significant amount of time. This goes to show […]
-
Hello Ioannis/class, this is another example of the amount of power that could be used for a good cause and not negatively. I first saw this article this morning and I was not surprised to learn that the amount of connections pointing to a single node can create a significant DDOS attack, but this looks like hackers are using more sophisticated weapons since they launched 3 different attacks until evening hours.
This also raises new questions about the Internet of Things and how we are protected against malicious attacks like this one. In my humble opinion, we are not ready for IoT or the amount of network devices connected to the internet, because it imposes great risks and major vulnerabilities.
-
Ioannis S. Haviaras posted a new activity comment 8 years ago
Quantum computing uses quantum physical properties to perform operations at a substantially faster rate than any computer would be able to perform today. In traditional computers transistors are either switched on or off (0 or 1); in quantum computers there are an infinite number of states that the “transistors” could undergo. Ultimately, this all…[Read more]
-
Ioannis S. Haviaras wrote a new post on the site ITACS 5211: Introduction to Ethical Hacking 8 years ago
In the upcoming election on November 8th neither Hillary Clinton nor Donald Trump has presented a cybersecurity initiative for their administration. When asked during the first debate regarding cybersecurity […]
-
It’s funny that I had the same impression as the author of this article. The topic was indeed brought up during the first presidential debate, but both candidates could not answer it with a straight face. There was no strategy to combat or protect the US from cybersecurity attacks. We know that the threat is real, yet neither candidate was willing to address the problem head on.
-
Yeah, but I still feel recognizing cyber security hacks as a national security challenge is very important.
This actually proves that information security is gaining importance in coming times, to the point that it even needs to be a part of the political strategy of the competitors, and I think in coming times this could be a very important factor in other elections all over the world. A lot of people are falling victim to hackers and cyber threats online, and they look to the creation of a safe IT environment.
-
Ioannis S. Haviaras wrote a new post on the site ITACS 5211: Introduction to Ethical Hacking 8 years ago
It seems like every day more and more cyber attacks on organizations are being found; however, many consumers are reluctant to change their online habits. A study performed by Mary Theofanos found that people are […]
-
I can totally relate to this issue. When you need to login to multiple apps and environments, it gets frustrating to create a brand new “strong” password for each. A lot of times I would need to reset a password, just to forget it again. Sadly, to solve this problem, there is little variance between my passwords now, although I try not to keep them the same.
-
I believe that this is a real concern. Strong passwords are extremely difficult to keep track of and cyber threats are continuing to grow at an exponential rate. Even for the most security aware professional, keeping up with security can be tiring.
-
Ioannis S. Haviaras posted a new activity comment 8 years, 1 month ago
Both blacklisting and whitelisting applications are effective ways to implement a group policy in an organization. However, both have their advantages and disadvantages. Whitelisting applications is by far the most secure way to protect an organization, but it hinders the Availability part of the CIA triad. Even though this method is more secure,…[Read more]
-
Ioannis S. Haviaras wrote a new post on the site ITACS 5211: Introduction to Ethical Hacking 8 years, 1 month ago
In this article Samuel Visner & Beth Musumeci discuss that the management of cyber security in organizations today is not able to keep up with zero-day vulnerabilities that can cripple them. With the increase o […]
-
I agree that whitelisting is a more secure approach, but it is inherently more expensive to manage, especially for larger organizations whose number of applications seems to grow over time. You would also require a group of staff to manage, review, and test the isolated applications, thus creating more overhead. Over time your whitelist will grow, but it doesn’t necessarily mean that the whitelisted applications won’t become infected or vulnerable over time. I think a combination of whitelisting and blacklisting would be best. For instance, you can whitelist servers, because you know exactly what the servers are supposed to do and what type of data is transmitted. If you try to whitelist, say, an end user desktop, I believe IT will not have enough resources to continuously evaluate all the users’ needs to access certain applications and sites to perform their tasks.
-
I agree Loi. A combination of white/blacklisting is best. The company should know “what is bad”, and certainly should not allow ANY app on its networks. Whitelisting an app should not mean that no attention will be paid to it; I believe it still needs to undergo vulnerability scans and have logs checked every once in a while to ensure it has not been compromised.
-
It is true that Cyber Security Management is in need of a fresh approach. I also believe so because of the rise of “The Internet of Things,” Artificial Intelligence (AI) and autonomous vehicle programs. Cyber Security methodologies should evolve as rapidly as the increase of smart devices; however, I am not sure whitelisting is the only way to effectively protect against malware. Networks can also be designed in a way that is more security friendly as well.
-
Ioannis S. Haviaras wrote a new post on the site ITACS 5211: Introduction to Ethical Hacking 8 years, 1 month ago
Chief Information Officers should start making sure that mobile devices on their network are as secure as possible. In this article Larry Dignan describes that the biggest threat to corporate security stems from […]
-
Mobile security is absolutely necessary in the corporate world, and I don’t think companies are taking it seriously. My work has a policy where you cannot take any pictures on company premises, but I won’t say if there are any other policies in place. I think one of the most basic things employees need to do is avoid putting confidential work related information on their personal devices. At least at my company, if we bring our laptops to do work, we need to login to a virtual environment first.
-
The company that I work for has very strict policies on BYOD. First, no personal laptops, jump drives or any sort of storage devices are permitted on premises. Secondly, we provide a separate WIFI connection for guests and employees’ personal devices. The user cannot directly connect to the Wifi unless it is approved by the security team, in which case they would provide you a temporary username and password. Only company approved phones and tablets are authorized to store work documents. These devices are encrypted by the company and provided to the employees on an as needed basis. Some devices also require the user to have strong authentication. Overall I think the company I work with has very good policies, but as the article stated, the weakest link is still the people.
-
We also have a very strong BYOD policy at our work. We utilize a Mobile Data Management (MDM) solution with a containerized environment for mail, calendar, and contacts. We’ve locked down our webmail so that it cannot be accessed via native applications on the device.
If a device is lost or compromised, it can be remotely wiped from the admin console.
Security policies are pushed to our devices that require the phones to auto lock after 30 seconds and passwords must be reset periodically.
Any documents that are opened from e-mails must be viewed in a content viewer and cannot be saved locally on the device.
While I believe there is still risk associated with any MDM/BYOD solution, I do believe the controls we’ve implemented and those recommended in the article do reduce this risk.
-
I think the lack of security for mobile phones is really ironic. Cell phones and even smart phones are essentially ubiquitous at this point. These devices have internet connection, cameras, microphones, CPUs, RAM, etc. They are literally miniature computers that most people have and most people store personal information on, yet the call for enhanced security is basically null. If the threat to mobile phones isn’t fully mature yet, I’m sure in the next few years, there will be a lot of buzz about compromises through cellphones and new security technologies for cell phones.
-
Ioannis S. Haviaras wrote a new post on the site ITACS 5211: Introduction to Ethical Hacking 8 years, 1 month ago
Link for SlideShow
Link for Paper
-
Ioannis S. Haviaras commented on the post, "Uber, Dropbox, Other Tech Leaders Team Up To Boost Vendor Security", on the site 8 years, 1 month ago
Mengqi,
Great article. Having a standard questionnaire that companies can use shows that companies are getting serious about their vendor security. If you think about vendors and the data they handle for companies ultimately the organization is as safe as the vendor. If a vendor is unable to handle data safely they are unable to protect…[Read more]
-
Ioannis S. Haviaras posted a new activity comment 8 years, 1 month ago
Shain,
Great article. This goes to show how any organization is vulnerable to attacks such as phishing. Even though it isn’t known who did the attack it is a bit tough to not overlook Russia as a possibility based on the relationship they had with WADA and the Olympics in Rio. WADA should learn from this attack and try to train their employees…[Read more]
-
Ioannis S. Haviaras wrote a new post on the site ITACS 5211: Introduction to Ethical Hacking 8 years, 1 month ago
This article, written by the CEO of Carbonite, a business that backs up more than 1.5 million businesses worldwide, explains that the company would have to give up its encryption technology if the legislation proposed by Senators Burr […]
-
I agree with the position of the Carbonite CEO. This quote from the article really sums up how I feel about this topic:
“I respect the motivation of Senators Burr and Feinstein to protect national security. I agree that national governments should boost their efforts to curb cybercriminal activity. However, I fear the Burr-Feinstein proposal could have just the opposite effect. The broad-reaching approach has the potential to make life easier for cybercriminals and to undermine the very economic prosperity the legislators seek to maintain.”
There are no safe “back doors.” A secret entrance, is still an entrance that could provide intruders, criminals, and unauthorized individuals access to private and confidential information.
-
I agree with Jason. The Senators’ motivations seem to be coming from the right place, but their approach is misguided. The Harvard Business Review article doesn’t get into the technical reasons for why giving the government a back door into encryption algorithms is a terrible idea, but it’s worth understanding at least on a surface level.
In short, there are many in the government who like to describe these back doors as though they were a key capable of opening only a specific lock. However, encryption does not work like a physical lock and key. If you create a back door for a particular encryption algorithm, you have essentially created a skeleton key for every “lock” which uses that algorithm.
Countless man hours have been spent developing better, stronger encryption algorithms. It would be a catastrophic mistake to undermine that work by intentionally building flaws into our encryption. If there is one lesson to be learned in cyber security, it is that any weapon you create can be used against you.
-
The Carbonite CEO makes many good points in this article. “I fear the Burr-Feinstein proposal could have just the opposite effect. The broad-reaching approach has the potential to make life easier for cybercriminals and to undermine the very economic prosperity the legislators seek to maintain.” I agree with Jason. There are no safe “backdoors”; if a hole exists, cybercriminals will find a way in.
-
Ioannis S. Haviaras posted a new activity comment 8 years, 1 month ago
This is a tough question to answer because as the head of the NSO group you could potentially see that malware to monitor a person’s phone could do some good. However, if it landed in the wrong hands it could affect millions of people across the world. This ultimately goes to show that even though Apple devices are deemed relatively safe. This is…[Read more]
-
Ioannis S. Haviaras commented on the post, How much of a risk is BYOD to network security?, on the site 8 years, 1 month ago
Wayne,
Great point. Allowing users to BYOD in a workplace is tricky. Having standard workstations allows standardized support and patches to be issued organization wide. Many people who would BYOD also risk having old hardware requiring more support. Also, since devices might be older they might not be able to even run the standardized…[Read more]
-
Ioannis S. Haviaras posted a new activity comment 8 years, 1 month ago
Mengxue,
Awesome article! I read somewhere before that the 911 systems being used across the country are very outdated and susceptible to attack. I even read that some systems aren’t even able to properly track a caller in dire need who is unable to give a location! The nature of 911 calls makes it necessary for the government to think about how to get these…[Read more]
-
Ioannis S. Haviaras commented on the post, 2 Israeli teens have been arrested for allegedly running a huge hacking tool, on the site 8 years, 1 month ago
Shain,
Very interesting article. This is very scary that someone can now just pay to perform a DDoS attack without having any hacking knowledge. This can lead to many organizations across the world getting attacked because of something like this. Once again this goes to show how the constantly evolving security landscape can be harmful to both…[Read more]
-
Ioannis S. Haviaras commented on the post, Obama signs two executive orders on cybersecurity, on the site 8 years, 1 month ago
Brent,
Great article. I also read that Obama appointed the first Chief Information Security Officer (CISO) of the federal government. This is definitely a time in which cyber crime starts to play a vital role in our national security. Cyber war crimes are prevalent by Middle East countries trying to hijack systems here in the US to gain intelligence.
-
Ioannis S. Haviaras posted a new activity comment 8 years, 1 month ago
Scott,
I read this article as well online. It’s interesting to see how some attacks can not just steal personal information but completely break a system. Someone who wants to do severe damage to an organization’s information could be on a tour of facilities and just sneakily plug this USB into a server, causing it to fail. This goes to show…[Read more]
-
Ioannis S. Haviaras wrote a new post on the site ITACS 5211: Introduction to Ethical Hacking 8 years, 1 month ago
From the iOS and OS X security issues that forced Apple to push out an important update this past week, to this vulnerability in both Windows and OS X, this goes to show how hackers keep expanding their arsenal every day. […]
-
Thanks for the post Ioannis.
This goes back to our earlier discussion of ensuring that you have physical security of your devices, especially if you have a work computer out in a cafe-type setting. It might seem harmless to leave your computer momentarily to get a drink or use the restroom, but as you can see it only takes a few seconds for somebody to obtain unauthorized data. I wonder how long it would take them to decrypt the login credentials. Even after obtaining the credentials the attacker will still need access to the physical device to be able to do any real harm.
-
An important point to get from the article is that locking the PC or Mac is no guarantee of protection. The tool steals credentials even from a screen-locked machine. Even better, there is no need to “decrypt” anything. What the USB stick gets is what the network is expecting. No need to understand it, just use it. If interested, just look up “pass the hash”; it is essentially what this tool enables.
Wade
-
Ioannis, it’s an interesting article. From the video I found that it only took less than 30 seconds to obtain the password. Rather than individuals, I think companies should pay more attention to this. Although most companies require employees to lock their screen when they are leaving, it seems not enough now because obtaining the login password is just so easy. If this is used on a business computer, like the CEO’s computer, confidential files and data without other protection will be easily accessed. The data breach will be a great problem for the company, and attackers can make money by selling the company’s confidential data. It looks like it is so easy that even people without technical experience can do it by just plugging in the USB device.
-