Database Security

Databases are core targets for hackers, and they can be a source of vengeance when it comes to disgruntled employees. In this case, the Human Resources (HR) group has requirements to house data that is used across the corporation, from management down to individual employees, which raises numerous security considerations. Traditionally, access control has been performed at the application level within code; however, if a database properly accounts for access control, the value of this level of control begins to take shape. The workflow demonstrated in figure 1 provides the needed foundation to address interfaces, enforcement, and access tokens. While role-based authorization at the database is not a new idea, fine-grained control accounts for rule-based evaluations as well, and it is applied at the row level, which allows access to be controlled at the lowest level (Opyrchal, Cooper, Poyar, Lenahan, Zeinner, 2011). By adopting this level of security, data owners and database administrators are provided a valuable tool to ensure the proper people have the needed access, and only during the times when access is required. Organizations must understand that data is both the most valuable asset and at the same time it …

WikiLeaks Lessons Learned

In the end, the distinction that is drawn from WikiLeaks is that this organization in no way resembles traditional or modern-day hackers. In order to back up this assertion, it is important to understand the definition of a hacker, which is a person who illegally gains access to and sometimes tampers with information in a computer system.

Traditional Hackers

While WikiLeaks had been in existence for some time, it gained notoriety when a United States (US) service member leaked classified Pentagon documents. For this reason, I advocate that the term hacker is not relevant. In fact, it seems the US Congress agrees: in 2010, it introduced a bill intended both to prevent the leaking of material and to prevent the publishing of that material (Goth, 2011). In essence, leaking documents of any nature may be punishable under the law; however, it in no way rises to the level of hacking. Either way, attacks cripple or damage an organization.

Monitoring

All systems are at risk from attacks by both internal and external entities. For this reason, it is imperative to employ intrusion detection to provide the needed security measures in protecting people, data, and other systems. This type of detection can be …

Metasploit: Penetration Testing Tool Of Choice

Penetration testing is key to security, and Metasploit is an easy-to-use penetration testing solution that provides network penetration testing capabilities, backed by the world’s largest fully tested and integrated public database of exploits. Built on feedback from the Metasploit user community, key security experts, and Rapid7 customers, Metasploit Express enables organizations to take the next step forward in security. If you’re running or are responsible for any type of IT system that hackers or cyber criminals may want to break into, deface, or bring down for business or pleasure, Metasploit Framework is for you. The tool enables you to carry out penetration tests (often called “pentests”) on your own systems. This means you’re attacking your own systems in the same way a hacker would in order to identify security holes. Of course, you do this without actually harming the network. Jump on over to Metasploit and download a copy today!

OWASP Application Security Tutorials

Application security encompasses measures taken throughout the application’s life cycle to prevent exceptions in the security policy of an application or the underlying system through flaws in the design, development, deployment, upgrade, or maintenance of the application. Applications only control the use of resources granted to them, not which resources are granted to them. They, in turn, determine the use of these resources by users of the application through application security. The Open Web Application Security Project (OWASP) publishes updates on the latest threats that affect web-based applications. This helps developers, security testers, and architects focus on better design and mitigation strategies.

Diskeeper 2011 Product Contest

If you recall my Product Review: Diskeeper 2010 from the past, it is worth stating that the Diskeeper Corporation has revealed the near-future release of Diskeeper 2011, which brings a number of great features to the table that go a long way in helping you keep those fragmented hard drives under control. The fine folks at the Diskeeper Corporation have graciously provided three FREE licenses of Diskeeper 2011 Home; just continue reading for details on how to win. Diskeeper has always been the de facto standard for tooling around fragmentation in my book, and while there are a number of similar products out there, nothing can compare to Diskeeper… But now, with the new Diskeeper 2011, fragmentation is becoming a thing of the past!

Who Is Diskeeper?

Diskeeper is a Microsoft Gold Partner. They also serve as a Strategic Alliance Partner to accommodate the needs of strategic alliances such as Intel, IBM, Lenovo, Dell, and HP in providing an optimum solution to fragmentation and other performance and reliability issues for their customers. With partners of this caliber, the quality of the Diskeeper software becomes evident.

Benefits

Continually optimized read/write speeds with no resource conflicts
I/O activity reduced an …
