IT security, aka, protecting your company from hackers, has morphed rapidly.


As the world has changed and new technology has emerged, there are newer concepts and terms that business owners and managers need to understand intimately. IT security threats have never been more prolific and advanced. While the days of hard drives and desktop computers are hardly over, there has been quite a paradigm shift in IT security. Why?

    1. Bring your own device (BYOD)—also called bring your own technology (BYOT), bring your own phone (BYOP), and bring your own PC (BYOPC)—refers to the policy of permitting employees to bring personally owned mobile devices (laptops, tablets, and smartphones) to their workplace, and to use those devices to access privileged company information and applications. The phenomenon is commonly referred to as IT consumerization. What happens if you connect to the corporate network and malware, spyware, viruses and other malicious entities proliferate to other systems?

    2. Specifically mobile phones. When developing native applications, is thought given during the DLC (development life cycle) to ensuring that data passed between the mobile device and web server[s] is protected and, as the case may dictate, runs over a proper encryption protocol? The development life cycle is a term used in systems engineering, information systems, and software engineering to describe a process for planning, creating, testing, and deploying an information system.


This is interesting – using the internet as a tool for discovering your vulnerabilities. Here are just a few tool examples:

    • The Wayback Machine (http://archive.org/web/). Have you put effort into cleaning up your IT environment or updating it from a security perspective? I visited a company that had fixed holes but never removed old files from webroot. Both an automated code scanner and manual testing yielded very surprising results. Having been hacked a few years previously, they never took the time to sanitize anything in webroot. The result: we were able to completely copy the previous attack and had to mandate that they go through each file and fix each and every issue. The Wayback Machine can help you view a history of your webroot.

    • Automated vulnerability bots that publish dangerous data on thousands of businesses on the internet. It is likely that you are being scanned by automated software. Do you know whether any of this data is published? Look them up, search for the name of your business and see if you are on their lists.

    • Open source intelligence tools that mine data on employee information such as email addresses. Maltego is an open source intelligence and forensics application. Some consider Maltego an open source intelligence (OSINT) tool. This is a potentially great tool to use for internal and external social engineering tests. Check them out here: http://www.paterva.com/web6/.
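For the Wayback Machine item above, one way to turn the archive's history of your own webroot into a cleanup list. This is an added example, not code from the original post; it assumes you have exported captures for your own domain in the Wayback CDX server's JSON layout, and the hostname, file paths and release manifest are constructed for illustration.

```python
"""Audit a webroot for leftover files that public archive history still points to."""
import json
import os
from urllib.parse import urlsplit

# Constructed sample in the Wayback CDX server's JSON layout (header row first),
# for fl=timestamp,original,statuscode. Hostname and paths are hypothetical.
SAMPLE_CDX = json.dumps([
    ["timestamp", "original", "statuscode"],
    ["20110304120000", "http://www.example.com/index.php", "200"],
    ["20110304120500", "http://www.example.com/upload_old.php", "200"],
    ["20120101000000", "http://www.example.com/backup/site.zip", "200"],
    ["20150610093000", "http://www.example.com/index.php", "200"],
    ["20150610093100", "http://www.example.com/admin/test.php?id=1", "404"],
])

def archived_paths(cdx_json):
    """Map each archived path to (first_seen, last_seen) capture timestamps."""
    rows = json.loads(cdx_json) or [[]]
    header, seen = rows[0], {}
    for row in rows[1:]:
        rec = dict(zip(header, row))
        if not rec["statuscode"].startswith("2"):
            continue  # keep only captures where the file was actually served
        path = urlsplit(rec["original"]).path.lstrip("/")
        first, last = seen.get(path, (rec["timestamp"], rec["timestamp"]))
        seen[path] = (min(first, rec["timestamp"]), max(last, rec["timestamp"]))
    return seen

def list_webroot(root):
    """Relative paths of every file currently on disk under the webroot."""
    found = set()
    for folder, _dirs, files in os.walk(root):
        for name in files:
            rel = os.path.relpath(os.path.join(folder, name), root)
            found.add(rel.replace(os.sep, "/"))
    return found

def leftover_report(cdx_json, on_disk, release_manifest):
    """Files on disk that the current release does not ship, archived ones first."""
    history = archived_paths(cdx_json)
    leftovers = on_disk - release_manifest
    report = [(p, *history.get(p, (None, None))) for p in leftovers]
    # Publicly archived leftovers sort first: their URLs are known outside the company.
    return sorted(report, key=lambda r: (r[1] is None, r[0]))

if __name__ == "__main__":
    disk = {"index.php", "upload_old.php", "backup/site.zip", "notes.txt"}
    for path, first, last in leftover_report(SAMPLE_CDX, disk, {"index.php"}):
        print(path, first or "never archived", last or "")
```

In practice `on_disk` comes from `list_webroot()` run against the real document root, and the manifest from whatever your deployment process ships; every file in the report is a candidate for removal or review.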

There is so much more to talk about and discuss. I recommend that you join IT security, ethical hacking, penetration testing and social engineering groups on http://www.linkedin.com, hire a company like Compass IT Compliance and get the great new OWASP Testing Guide.

Visit http://jockpereira.com for more information on IT security related topics and to contact me.

Jock Pereira, jockster@gmail.com, jockpereira.com, 978-666-4000


IT Security Consultant | Ethical Hacker | Senior Penetration Tester | Social Engineer


Jock Pereira | 978-666-4000 | 809-261-4191 | www.jockpereira.com | jockster@gmail.com | linkedin.com/in/jockpereira | https://twitter.com/jockboston
