Application Security Architecture Authentication
CertificationsCorporate ComplianceCryptology
Disaster RecoveryEnterprise SecurityExploits
FirewallsIncident HandlingIntrusion Detection
OS SecurityPolicies and ProceduresSecurity Basics
Security ManagementSecurity ToolsServers
StandardsVoIPVulnerability Management
Web SecurityWiFi SecurityWorms and Viruses

The Journey Toward the Software-Defined Data Center

by Cognizant

This white paper briefly touches upon potential future state scenarios and discusses the implications for today’s legacy infrastructure, management tools, automation levers and data center facilities. How this future state will emerge is still open to debate; but what is clear is enterprises that tread toward adopting SDDC must be cognizant of its potential impact, evaluate possible risks and benefits and take baby steps forward.
» Read more

iOS Security

by Apple

iOS and iOS devices provide advanced security features, and yet they’re also easy to use. Many of these features are enabled by default, so IT departments don’t need to perform extensive configurations. And key security features like device encryption aren’t configurable, so users can’t disable them by mistake. Other features, such as Touch ID, enhance the user experience by making it simpler and more intuitive to secure the device.
This document provides details about how security technology and features are implemented within the iOS platform. It will also help organizations combine iOS platform security technology and features with their own policies and procedures to meet their specific security needs.
» Read more

Software Defined Data Center: Time to Reimagine the Core

by Anuj Bhalla, Gaurav ChaturvedI, and Manjari Sharma

The gap between business demands and IT innovation has closed tremendously with needs and turnarounds moving at the speed of thought. Today’s scale, explosion and availability of data has business, expecting a powerful intervention to exploit it. It is getting difficult to firm up the datacenter roadmap with solutions and products getting launched so rapidly.
This whitepaper attempts to give a perspective on Software Defined Data Center (SDDC) Technology and drives attention to the white spaces and possible gaps which a customer should consider while embarking on this Data Center Transformation journey.
» Read more

Botnet Resiliency via Private Blockchains

by Jonny Sweeny

Criminals operating botnets are persistently in an arms race with network security engineers and law enforcement agencies to make botnets more resilient. Innovative features constantly increase the resiliency of botnets but cannot mitigate all the weaknesses exploited by researchers. Blockchain technology includes features which could improve the resiliency of botnet communications. A trusted, distributed, resilient, fully-functioning command and control communication channel can be achieved using the combined features of private blockchains and smart contracts.
» Read more

5G Security

by Ericsson

5G systems are the next step in the evolution of mobile communication and will be a fundamental enabler for the Networked Society. This development creates new security scenarios and requires new security solutions.
As a result, there is a need for a fundamentally new, multi-actor trust model that allows more flexibility. Security for virtualized networks and services should be considered. Attack-resistance and data security must represent basic design criteria for new protocols, while security assurance and compliance have to be more verifiable and measurable. Tackling these challenges will require new tools such as network slicing, trusted computing and alternative ways of handling user identities.
» Read more

Hardening Oracle Database with Oracle Solaris Security Technologies

by Oracle

This white paper describes and demonstrates how commodity Oracle Solaris operating system security features can be used to lock down network-facing services in order to protect them against internal and external threats. Technology concepts and their realizations are presented in a hands-on fashion using a running example: Oracle Database Server 11g Release 2 executing on Oracle Solaris 10 10/09.
» Read more

Bluetooth mesh networking

by P. DiMarco, P. Skillermark, A. Larmo, and P. Arvidson

Bluetooth mesh, officially launched in July 2017, is a highly anticipated addition to the Internet of Things (IoT) connectivity space. Bluetooth is a widely used short-range technology found in smartphones, tablets and consumer electronics, and the Bluetooth Special Interest Group (SIG) has a strong reputation for delivering specifications and tools that guarantee global, multi-vendor interoperability.
The Bluetooth Mesh Profile standardizes a full stack connectivity solution for mesh networking, extending Bluetooth applicability for IoT use cases. Ericsson is a founding member of the Bluetooth SIG and has actively participated in the definition of the architecture and the development of the mesh profile specification.
This white paper provides an overview of the Bluetooth Mesh Profile and highlights some of its unique features. It also presents a large-scale building automation use case and illustrates the impact of configuration and deployment strategies on the mesh network.
» Read more

How Windows 10 Plans to Stop Script-Based Attacks and How Well It Does It

by Nikhil Mittal

In Windows 10, Microsoft introduced the AntiMalware Scan Interface (AMSI) which is designed to target script-based attacks and malware. Script-based attacks have been lethal for enterprise security and with advent of PowerShell, such attacks have become increasingly common. AMSI targets malicious scripts written in PowerShell, VBScript, JScript etc. and drastically improves detection and blocking rate of malicious scripts. When a piece of code is submitted for execution to the scripting host, AMSI steps in and the code is scanned for malicious content. What makes AMSI effective is, no matter how obfuscated the code is, it needs to be presented to the script host in clear text and unobfuscated. Moreover, since the code is submitted to AMSI just before execution, it doesn’t matter if the code came from disk, memory or was entered interactively. AMSI is an open interface and MS says any application will be able to call its APIs. Currently, Windows Defender uses it on Windows 10. Has Microsoft finally killed script-based attacks? What are the ways out? The talk will be full of live demonstrations.
» Read more

Hardening BYOD: Implementing Critical Security Control 3 in a Bring Your Own Device (BYOD) Architecture

by Christopher Jarko

The increasing prevalence of Bring Your Own Device (BYOD) architecture poses many challenges to information security professionals. These include, but are not limited to: the risk of loss or theft, unauthorized access to sensitive corporate data, and lack of standardization and control. This last challenge can be particularly troublesome for an enterprise trying to implement the Center for Internet Security (CIS) Critical Security Controls for Effective Cyber Defense (CSCs). CSC 3, Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations and Servers, calls for hardened operating systems and applications. Even in traditional enterprise environments, this requires a certain amount of effort, but it is much more difficult in a BYOD architecture where computer hardware and software is unique to each employee and company control of that hardware and software is constrained. Still, it is possible to implement CSC 3 in a BYOD environment. This paper will examine options for managing a standard, secure Windows 10 laptop as part of a BYOD program, and will also discuss the policies, standards, and guidelines necessary to ensure the implementation of this Critical Security Control is as seamless as possible.
» Read more

Beats & Bytes: Striking the Right Chord in Digital Forensics (OR: Fiddling with Your Evidence)

by Ryan D. Pittman, Cindy Murphy, and Matt Linton

This paper will present results from a recent survey of DF/IR professionals and seek to provide relevant observations (together with published psychological, sociological, and neurological research) to discuss the similarities and intersections of DF/IR and music, as well as identify potential correlations between being a successful DF/IR professional and playing music. It will also discuss numerous challenges facing DF/IR professionals today and how learning to play and enjoy music can help DF/IR personnel both overcome some of those challenges and be more effective in their chosen field.
» Read more

1 2 3 4 7