Why Information Security: D-UH!
I almost always feel like saying “D-uh!” every time I see a text heading for an article or book topic that says “Why information security” or “Why Security”. I feel that it is almost as nonsensical a question as “why do I need to breathe”. However, stepping back and looking at the big picture, that is really a wrong assumption. It is almost an internal bias that is akin to me being surprised at meeting someone who still doesn’t have an e-mail or a broadband connection. It boggles my mind that in this day and age of information security exploits and regulatory liabilities, I still meet programmers and developers who still continue to spit out commercial products that are filled with so many holes that a 13-year-old script kiddie can easily slice through them like they were Swiss cheese.
That being said, the nature of my profession makes me a little bit more attuned to information security issues than perhaps the next guy (maybe not the guys sitting right next to me as I write this, considering that they do the same work as I do, but perhaps the next guy in the mall or something), and whether I like it or not, it becomes part of my nature. To me, thinking about threats, vulnerabilities and risks is about as natural as breathing. This, however, is not true of the majority of digital innovators and users out there.
CISSP Exam Note (Domain 2: Telecommunications and Networking Security) – Remote Access Security Management
Key Concepts:
- Confidentiality – no disclosure of data
- Integrity – no alteration of data
- Availability – no destruction of data
Common Remote Connections
- xDSL – Digital Subscriber Line
- Cable Modem
- Wireless
- ISDN – Integrated Services Digital Network
Common Tools in Securing External Remote Connections
- VPN – Virtual Private Network
- SSL – Secure Sockets Layer
- SSH – Secure Shell
CISSP Note (Domain 1: Access Control): C.I.A. – Quick Definitions
Information security has three key focuses: ensuring the Confidentiality, Integrity and Availability of information, commonly known as C.I.A. Below are their definitions.
Confidentiality – ensure that information is not disclosed to unauthorized persons
Integrity
- Prevention of modification by unauthorized users
- Prevention of unauthorized changes by otherwise authorized users
- Internal and external consistency
  - Internal consistency – within the system (i.e. within a database the sum of subtotals is equal to the sum of all units)
  - External consistency – database with the real world (i.e. database total is equal to the actual inventory in the warehouse)
Availability – ability of authorized personnel to access information on time and as necessary

