As the world has changed and new technology has emerged, there are newer concepts and terms that business owners and managers need to understand intimately. IT security threats have never been more prolific or more advanced. While the days of hard drives and desktop computers are hardly over, there has been quite a paradigm shift in IT security. Why?
- Bring your own device (BYOD)—also called bring your own technology (BYOT), bring your own phone (BYOP), and bring your own PC (BYOPC)—refers to the policy of permitting employees to bring personally owned mobile devices (laptops, tablets, and smartphones) to their workplace and to use those devices to access privileged company information and applications. The phenomenon is commonly referred to as IT consumerization. What happens when an infected personal device connects to the corporate network and its malware, spyware, viruses and other malicious code spread to other systems?
- Mobile phones specifically. When developing native applications, is thought given during the development life cycle (DLC)—the process used in systems engineering, information systems, and software engineering for planning, creating, testing, and deploying an information system—to ensuring that data passed between the mobile device and the web server(s) is protected and, as the case dictates, carried over a proper encryption protocol such as TLS? Note that encryption alone is not enough: an app that speaks TLS but skips certificate and hostname validation hands its traffic to anyone on the same Wi-Fi network.
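To make the last point concrete, here is an added example (not code from the original post) showing the weak TLS client configuration beside the hardened one, an audit function that flags the weak settings, and leaf-certificate pinning on top of normal validation. Python's ssl module stands in for a mobile platform's networking stack; the host, port and pin value passed to connect_pinned are placeholders the caller supplies, and only that function touches the network.

```python
"""Weak vs. hardened TLS client settings for a mobile app's backend calls.
Added example, not code from the original post. Python's ssl module stands in
for the platform networking stack; host/port/pin values are placeholders."""
import hashlib
import socket
import ssl


def weak_context() -> ssl.SSLContext:
    """The anti-pattern: encrypt, but trust any certificate for any hostname and
    allow old protocol versions. A man-in-the-middle sees the plaintext."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False           # must be cleared before verify_mode can be lowered
    ctx.verify_mode = ssl.CERT_NONE      # accepts self-signed or attacker-issued certificates
    try:
        ctx.minimum_version = ssl.TLSVersion.TLSv1   # allow TLS 1.0 where the build permits it
    except ValueError:
        pass                             # OpenSSL built without TLS 1.0: keep its default
    return ctx


def hardened_context(cafile=None) -> ssl.SSLContext:
    """Verify the chain against the trusted CA set, check the hostname, and
    refuse anything below TLS 1.2."""
    ctx = ssl.create_default_context(cafile=cafile)   # CERT_REQUIRED + check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit(ctx: ssl.SSLContext) -> list:
    """Return a list of findings; an empty list means the context passes."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate is not verified")
    if not ctx.check_hostname:
        findings.append("hostname is not checked against the certificate")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol versions below TLS 1.2 are allowed")
    return findings


def cert_fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, the value an app ships as its pin."""
    return hashlib.sha256(der_cert).hexdigest()


def pin_matches(der_cert: bytes, expected_sha256_hex: str) -> bool:
    """Leaf-certificate pinning: the presented certificate must hash to the shipped pin."""
    return cert_fingerprint(der_cert) == expected_sha256_hex.lower()


def connect_pinned(host: str, port: int, expected_sha256_hex: str) -> ssl.SSLSocket:
    """Open a hardened TLS connection and additionally enforce the pin (network call;
    host, port and pin are placeholders supplied by the caller)."""
    ctx = hardened_context()
    raw = socket.create_connection((host, port), timeout=10)
    tls = ctx.wrap_socket(raw, server_hostname=host)
    der = tls.getpeercert(binary_form=True)
    if not pin_matches(der, expected_sha256_hex):
        tls.close()
        raise ssl.SSLError("certificate pin mismatch for %s" % host)
    return tls


if __name__ == "__main__":
    for name, ctx in (("weak", weak_context()), ("hardened", hardened_context())):
        print(name, audit(ctx) or ["ok"])
```

Pinning the leaf certificate as shown means the app must be updated whenever the server certificate is rotated; pinning the CA or the public key instead trades that brittleness for a wider trust set, and which to choose is a design decision the DLC should record.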
This is interesting: using the internet itself as a tool for discovering your vulnerabilities. Here are just a few examples of such tools:
- The Wayback Machine (http://archive.org/web/). Have you put effort into cleaning up your IT environment or updating it from a security perspective? I visited a company that had fixed holes but never removed old files from the webroot. Both an automated code scanner and manual testing yielded very surprising results. Having been hacked a few years previously, they never took the time to sanitize anything in the webroot. The result: we were able to completely replicate the previous attack and had to mandate that they go through each file and fix every issue. The Wayback Machine can help you view the history of your webroot, including files that are no longer linked but may still be reachable.
- Automated vulnerability bots that scan and publish potentially dangerous data about thousands of businesses on the internet. Look them up, search for the name of your business and see whether you are on their lists.
- Open source intelligence (OSINT) tools that mine employee information such as email addresses. Maltego is an OSINT and forensics application, and it is a potentially great tool for internal and external social engineering tests. Check it out here: http://www.paterva.com/web6/.
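The Wayback Machine point above is worth turning into a repeatable check: pull the archive's index of every URL it ever captured for your domain, flag paths that look like leftovers (backups, dumps, old directories), and test whether the current site still serves them. The script below is an added example, not code from the original post. It uses the Wayback Machine's CDX index; the endpoint and query parameters (output=json, fl=, collapse=urlkey) are assumptions based on archive.org's documented API and should be confirmed before relying on the script. The embedded CDX response is a constructed sample so the parsing runs offline; only fetch_cdx and still_live make network requests, and both run only when a domain and base URL are passed on the command line.

```python
"""Stale-webroot check driven by the Wayback Machine's CDX index.
Added example, not code from the original post. The CDX endpoint and query
parameters are assumptions based on archive.org's documented API; confirm them
before relying on the script. fetch_cdx and still_live make network requests."""
import json
import sys
import urllib.error
import urllib.request
from urllib.parse import urlencode, urlsplit

CDX_ENDPOINT = "http://web.archive.org/cdx/search/cdx"   # assumed endpoint

# Names that rarely belong in a production webroot.
SUSPICIOUS_SUFFIXES = (".bak", ".old", ".orig", ".sql", ".zip", ".tar.gz", ".tgz",
                       ".log", ".swp", "~", ".env", ".ini", ".conf", ".phps")
SUSPICIOUS_PARTS = ("/backup", "/old/", "/test/", "/.git", "/phpinfo")

# Constructed sample of a CDX response (output=json, fl=timestamp,original,statuscode).
SAMPLE_CDX = json.dumps([
    ["timestamp", "original", "statuscode"],
    ["20150102030405", "http://example.com:80/", "200"],
    ["20150102030405", "http://example.com:80/index.php", "200"],
    ["20160708091011", "http://example.com/backup/site.sql", "200"],
    ["20160708091011", "http://example.com/config.php.bak", "200"],
    ["20170101000000", "http://example.com/old/login.php", "200"],
    ["20170101000000", "http://example.com/old/login.php", "200"],   # duplicate capture
    ["20180101000000", "http://example.com/missing.zip", "404"],     # never served
    ["20180101000000", "http://example.com/images/logo.png", "200"],
])


def historical_paths(cdx_json: str) -> list:
    """Unique URL paths the archive captured with HTTP 200, oldest first."""
    rows = json.loads(cdx_json)
    if not rows:
        return []
    header, body = rows[0], rows[1:]
    i_orig, i_status = header.index("original"), header.index("statuscode")
    seen, paths = set(), []
    for row in body:
        if row[i_status] != "200":
            continue
        path = urlsplit(row[i_orig]).path or "/"
        if path not in seen:
            seen.add(path)
            paths.append(path)
    return paths


def looks_stale(path: str) -> bool:
    """Heuristic: backup/dump extensions or directories that suggest leftovers."""
    low = path.lower()
    return low.endswith(SUSPICIOUS_SUFFIXES) or any(p in low for p in SUSPICIOUS_PARTS)


def stale_candidates(cdx_json: str) -> list:
    return [p for p in historical_paths(cdx_json) if looks_stale(p)]


def fetch_cdx(domain: str) -> str:
    """Pull the index for every URL under the domain (network call)."""
    query = urlencode({"url": domain + "/*", "output": "json",
                       "fl": "timestamp,original,statuscode", "collapse": "urlkey"})
    with urllib.request.urlopen(CDX_ENDPOINT + "?" + query, timeout=60) as resp:
        return resp.read().decode("utf-8")


def still_live(base_url: str, paths: list) -> list:
    """HEAD each historical path on the current site; return those answering 200."""
    live = []
    for path in paths:
        req = urllib.request.Request(base_url.rstrip("/") + path, method="HEAD")
        try:
            with urllib.request.urlopen(req, timeout=10) as resp:
                if resp.status == 200:
                    live.append(path)
        except urllib.error.URLError:      # covers HTTPError (4xx/5xx) and connection failures
            pass
    return live


if __name__ == "__main__":
    if len(sys.argv) == 3:                 # usage: script.py example.com https://example.com
        for p in still_live(sys.argv[2], stale_candidates(fetch_cdx(sys.argv[1]))):
            print("STILL REACHABLE:", p)
    else:                                  # offline demo on the constructed sample
        for p in stale_candidates(SAMPLE_CDX):
            print("candidate:", p)
```

Anything that comes back as still reachable is exactly the kind of file the company in the story never removed; a 200 on a .sql or .bak path is a finding on its own, and the rest of the historical list is a good seed for the manual review.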
There is much more to talk about and discuss. I recommend that you join IT security, ethical hacking, penetration testing and social engineering groups on http://www.linkedin.com, hire a company like Compass IT Compliance, and get the great new OWASP Testing Guide.
Visit http://jockpereira.com for more information on IT security related topics and to contact me.
IT Security Consultant | Ethical Hacker | Senior Penetration Tester | Social Engineer