Learn about Cyber Security on our blog. This blog features many different points of view. Learn how to protect Internet-connected systems, including hardware, software, and data, from cyber attacks. Security comprises cybersecurity and physical security. Enterprises use both to protect data centers and other computerized systems.

Protecting The API Ecosystem As A Security Strategy

Cybersecurity is an ever-increasing and advancing arms race. The attackers and threat actors are constantly harnessing new technology and techniques to increase their return on investment. As the defenders of our corporate, public, and private networks, we must do the same. Automation has long been a fear of every worker; however, as IT professionals, we should be embracing automation.

Testing APIs with Rest

APIs (Application Programming Interfaces) have become an increasingly important tool in IT. As businesses have become more reliant on connecting their business applications with each other and with third-party tools, a weak point has emerged in IT infrastructure.

Armis Breaks Down Vulnerabilities in the Internet of Things

IoT (Internet of Things) has been the buzzword in security for the last 18 months. There have been a number of high-visibility breaches that were orchestrated because of them (one involving a Wi-Fi-connected fish tank comes to mind), and there is a lot of information and talk about them out there. I wanted to take a moment to address the hysteria and try to give it some context, at least from my perspective. A common criticism is that these devices are unmanaged. I read that a lot, but what does it mean? Many of these devices have administrative interfaces or applications to manage them, don’t they?

Checkpoint Research Details Flaw in Fortnite SSO

The Checkpoint blog has a great breakdown of a flaw in the SSO infrastructure used by the game Fortnite. SSO and other federated authentication platforms can be a double-edged sword. Developing any authentication system is very hard, web-based authentication especially so. You have competing requirements for interoperability and security, with little control over the software extensions a user may elect to use or install on top of their browser. Using an authentication mechanism can offload much of this complexity to widely used services provided by companies that have a great deal more resources to throw at the problem.

Low Hanging Fruit: Credential Re-Use Vectors and Password Management

This post is going to switch back and forth a few times between two issues that plague enterprises as they grow: user credential re-use and administrative password management. Frequently, the bad credential hygiene of a small enterprise will stick around well into its transition to a mid-level enterprise. Most of these bad habits don’t survive into the large enterprise because they don’t scale well, but during these transitions, they can expose an organization to unnecessary risks. I’m hoping to outline some best practices that can scale well enough to mitigate these risks without burdening smaller teams with overwrought credential practices.