Wednesday, April 29, 2026
Home Blog Page 133
AI cybersecurity guidance for small businesses

Know where your business is exposed, what matters most, and what to fix first.

CyberExperts gives small businesses AI-generated cyber checkups, practical recommendations, and recurring cyber hygiene monitoring — without enterprise consulting complexity.

Get an AI Cyber CheckupSee how it works
AI Cyber CheckupIdentify likely weak points and get a prioritized action plan.
Recurring MonitoringStay current with updated cyber hygiene guidance over time.
Built for SMBsPractical recommendations for real-world small business setups.

Most small businesses know cybersecurity matters. Very few know what to fix first.

CyberExperts turns cybersecurity confusion into a practical action plan. Instead of vague fear, generic checklists, or expensive consulting, you get AI-generated guidance focused on likely risks, weak spots, and the most important next steps.

How it works

1. Tell us about your businessShare your team size, tools, email setup, device practices, and current security habits.
2. CyberExperts analyzes your setupOur AI reviews likely weak points, common risks, and practical cyber hygiene gaps.
3. Get a prioritized action planReceive clear next steps in plain English — focused on what matters most.
4. Stay current with ongoing monitoringAdd recurring cyber hygiene monitoring if you want updated guidance over time.

Start with a checkup. Continue with monitoring.

AI Small Business Cyber Checkup

A one-time AI-generated assessment that identifies likely weaknesses, highlights the biggest issues, and gives you a practical action plan.

  • Likely weak points and avoidable risks
  • Top-priority recommendations
  • Plain-English next steps
Start Checkup

AI Cyber Hygiene Monitor

A recurring cyber hygiene subscription that updates your recommendations, flags likely weak spots, and helps you stay current over time.

  • Recurring reassessment
  • Updated recommendations
  • Refreshed priorities over time
See Monitoring

What CyberExperts does — and does not do

Done by AICyberExperts is built as an AI-delivered cybersecurity guidance product.
For small businessesDesigned for operators who want practical guidance without enterprise complexity.
Not a magic guaranteeIt helps identify likely risks and prioritize what to fix first.
Recurring option availableContinue with ongoing Cyber Hygiene Monitor updates over time.

See your biggest cybersecurity gaps in plain English.

Start with an AI Cyber Checkup and get a practical view of what to fix first.

Get an AI Cyber CheckupView Monitoring

Cybersecurity Debt: A Ticking Time Bomb!

Ajay Singh
-
1
Cybersecurity Debt: A Ticking Time Bomb!

By Ajay Singh, Author of CyberStrong! A Primer on Cyber Risk Management for Business Managers

Whenever a significant cyber-attack happens (which is more frequent now than ever before), several issues relating to vulnerabilities, technology, and processes are back on the discussion table for those responsible for cybersecurity. One issue that often gets bypassed or does not get the attention it deserves is the cybersecurity debt that an organization accumulates over time. 

What is Cybersecurity Debt?

Cybersecurity debt is a subset of what is known as ‘technical debt. Simply put, it is an accumulation of vulnerabilities that exist on account of shortcuts taken during the development, deployment, and operation of applications, systems, and networks which at any time can potentially become a source of risk to organization systems. Security debt arises from many factors such as insufficient upfront investment of time, money, resources to address security concerns, inadequate testing, security preparedness procedures, and a tendency to address security issues at a later date. Like the pressures of monetary debt, security debt imposes a long-term burden in terms of unaddressed security issues. 

Not updating systems in time from known vulnerabilities is another form of security debt. Equifax notoriously failed to update a known vulnerability in Apache Struts even though a patch was available, which led to a data breach that compromised the personal data of more than 147 million US citizens. While Equifax is an oft-cited example, delayed patching is more prevalent than we can imagine. A survey by security company Tripwire found that unpatched vulnerabilities cause one in three data breaches.

Even though organizations are aware of the risk involved due to delays in patching, sometimes the sheer scale of the exercise across thousands of systems, locations and devices may be a daunting one. What is more challenging is finding the vulnerabilities that need to be patched. 

Regardless, not patching in time raises security debt and according to Ponemon Institute, the average time to patch is 102 days. They further discovered that 57% of organizations that faced a cyberattack felt that applying a patch would have prevented the attack. What was worse was that 34% said they were aware of the vulnerability before the attack. Today, there are many hackers equipped with various tools which are constantly looking for unpatched vulnerabilities. Living with this kind of cybersecurity debt can be flirting with danger and is avoidable!

Not all vulnerabilities are equally dangerous. MITRE maintained the Common Vulnerabilities and Exposures (CVE) list is a valuable reference for publicly known vulnerabilities. Vendors also provide information to their user organizations that can be useful. Prioritization based on impact and likelihood of risk materializing from vulnerabilities can help ensure that risks are mitigated.

There is also the issue of dealing with cybersecurity debt from legacy business systems that are still in use but do not have their original development teams (inhouse or vendor teams) providing fixes and patches for security vulnerabilities. This type of cybersecurity debt is difficult to address and may involve the costly upgradation of legacy systems. In this context, Accenture, which conducted a study of government agencies, found that 85% of IT leaders believe not updating legacy technology could threaten their agency’s future.

For a software development team, the temptation to use open-source software is hard to resist in the face of hard deadlines. Development timelines and budgets are invariably tight. There is a tendency to focus on a limited set of security concerns without fully understanding the security challenges that may emerge later in the deployment life cycle. Often analysts who define business and functional requirements are focused on aspects of business value and importance and less on security matters. This leaves room for vulnerabilities that attackers can exploit and results in the building up of security debt. Organizations have used multi-functional development teams, including people from development, security, and operations (called ‘devsecops’ teams) to focus on security throughout the development cycle.

Testing methodologies like Static application security testing, interactive application security testing, dynamic application security testing, along with pen testing are today an integral part of a software development cycle. Despite this, the lack of attention to security needs during the development cycle results in vulnerabilities that are not found until after deployment and sometimes discovered only after being exploited.

Eventually, security measures must be commensurate with risks, and this is often a changing equation in a fast-moving cyber threat landscape. In this context, existing security debt puts your organization at a much greater risk of malicious cyber exploits. To address the issue of security debt, organizations must first recognize it as an essential cybersecurity concern. At an actionable level, the following five steps could help in the reduction of cybersecurity debt:

  • Maintain an Enterprise-wide Software Bill of Materials (SBOM)
  • Use a software composition analysis (SCA) tool to help discover the open-source components you are using and develop a risk mitigation plan.
  • Ensure timely patching and updates
  • Build-in security as far as possible during the design and development phases
  • Eliminate legacy Hardware, Software, or Databases dependencies as soon as possible

Becoming security debt-free is perhaps being idealistic, and neither is it entirely necessary unless it represents a source of risk. The more significant challenge is to be in control and not keep raising your levels of security debt across applications, networks, and systems, as this could lead to unwanted consequences such as data breaches, fines, loss of customer and investor trust, and possibly litigation. Without a plan to address it, cybersecurity debt could well be a ticking time bomb!

Tips to Prevent Online Spying When Downloading Large Files

J Broyles
-
0

When downloading a large file, be aware of the risks involved and take steps to protect your privacy. Unfortunately, many people do not realize that they can be spied on when downloading files and end up giving away sensitive information without even knowing it.

This blog post will discuss some tips for preventing online spying when downloading large files. Stay safe and keep your confidential information protected!

Tip #1 – Use a VPN

The first step is to use a VPN (Virtual Private Network). A VPN encrypts your internet traffic and routes it through a secure server, making it much more difficult for anyone to spy on you. If you are not using a VPN, your internet service provider can see everything you’re doing online, including what files you are downloading.

It is best to hide your IP address with a VPN whenever you are online, but it is imperative when downloading large files. Look for a reputable VPN service with solid security features, and do not forget to connect to it before downloading anything.

Tip #2 – Use Encrypted File-Sharing

Another way to protect yourself is to use an encrypted file-sharing service such as Tresorit. Tresorit uses end-to-end encryption, meaning that only you and the person you share the file with can view its contents. Not even Tresorit’s employees can access your data!

Tip #3 – Use a Secure Connection

Another way to protect your privacy is to use a secure connection when downloading files. Look for the padlock icon in your browser’s address bar to ensure you use a secure connection. You can also check the URL to see if it starts with “HTTPS” instead of “HTTPS.”

If you are unsure whether a site is secure, do not hesitate to contact the customer support team and ask. Better safe than sorry!

Tip #4 – Use a Password Manager

If you are not using a password manager, now is the time to start! A password manager can help you create strong, unique passwords for all of your online accounts.

This way, even if one of your passwords is compromised, your other accounts will still be safe. Look for a password manager that offers two-factor authentication for an extra layer of security. We recommend LastPass or Dashlane.

This can prevent online spying because if someone gets ahold of your password, they will not be able to access your account without the second factor.

Tip #5 – Use Two-Factor Authentication

Two-factor authentication (also known as “two-step verification”) is an additional security measure that can be used to protect your online account. With two-factor authentication enabled, you will need to enter both your password and a one-time code before being able to log in.

An app can generate the code on your phone or a physical token. This makes it much more difficult for someone to hack into your account, even if they have your password. Many major websites and online services offer two-factor authentication, so take advantage of it!

Tip #6 – Be Careful About What You Download

Be careful what you download, and only download files from trusted sources. If you are unsure whether a file is safe, do not hesitate to scan it with a virus scanner before opening it.

It is also a good idea to keep your operating system and software up to date. Software developers often release updates to patch security vulnerabilities, so installing them as soon as they are available is essential. Downloading spyware by accident is one of the easiest ways to compromise your privacy, so be careful!

Tip #7 – Update & Run Antivirus Software Regularly

Keep your antivirus software updated and run regular scans. Antivirus software can detect and remove malware, including spyware, from your computer.

There are many antivirus programs available, so choose one that’s right for you. We recommend Bitdefender or Kaspersky. Both programs offer excellent protection against all types of malware, including spyware.

Conclusion

If you follow these tips, you can help protect yourself from online spying. Be careful about what and where you download. Keep your antivirus software up to date and run regular scans to ensure your computer is free of malware. Moreover, most importantly, do not forget to use a VPN!

A VPN will encrypt your traffic and help to keep your identity hidden while you’re online. This is one way to protect yourself from online spying.

How To Bolster Your Website Security With SSL/TLS

Dan Evert, CCNP
-
0
How To Bolster Your Website Security With SSL/TLS

It is safe to say that SSL and TLS certificates have become the foundation of web security in today’s digital world. It doesn’t matter whether you own a blog with over a thousand followers or manage a million-dollar business website, you will need to use HTTPS or an SSL certificate for protecting the website.

TLS SSL

However, several business owners often ask how SSL helps to secure a website. Before we delve into that, we would like to shed light on what will happen if you do not use SSL certificates on your website. For instance, you will be able to see a drop in the SEO ranking of your website if you do not have an SSL certificate on your website.

It is also important to note that Google will be issuing a ‘not secure’ warning to websites without SSL certificates. This will affect the reputation and growth of your business, which is something most people would want to avoid. Fortunately, you can avoid all these troubles by investing in an SSL certificate.

How To Secure Website with SSL certificate

SSL and TLS certificates can be described as digital certificates, which use encryption for keeping website data secure and safe. If your website is currently running on HTTP, then you will need to add an SSL or TLS certificate to provide an additional layer of security to your website.

Most of you would be aware that HyperText Transfer Protocol or HTTP is an application protocol that is used to share data in the WWW (World Wide Web). HTTP actually works for defining how certain data or information can be shared and used on the web.

What is SSL

It will also dictate how internet browsers and web servers respond to specific actions like responding to requests or commands. HTTP also makes it easy for internet users to interact with HTML files and other resources on the site.

This is accomplished by transmitting hypertext messages between services and browsers through TCP (Transmission Control Protocol).

HTTP makes use of a string of various request methods for completing requests such as GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH, and CONNECT. All types of HTTP servers rely on the HEAD and GET requests, but not all of them support the other types of request methods.

Does HTTP Use SSL or TLS Certificates

As mentioned earlier, HTTP is not secure and it doesn’t use SSL or TLS certificates. If you visit a website with the HTTP protocol, then your web browser might display a warning message. This is to indicate that the site you are visiting is not safe and secure.

The reason why HTTP is not secure and safe is that all responses and requests are delivered as plain text. As a result, anyone will be able to access and see the responses and requests that are being shared. This means that hackers may maliciously modify, steal, or delete the data.

How SSL And TLS Certificates Makes HTTP Secure

Website owners and admins will be able to make sure that all responses and requests shared within their website are secure and to do so, you need to purchase SSL certificate. SSL certificates will help businesses by encrypting all HTTP responses and requests.

The TLS/SSL certificate technology is capable of transmitting all responses and requests into a format, which hackers and cybercriminals will not be able to interpret or access.

In the case of HTTP, all requests will be in simple plain text, which makes them an easy target for hackers, but that’s not the case when using SSL certificates.

Websites that are using TLS or SSL certificates for encrypting responses and requests will be able to transform the data into a random mix of letters and numbers. This means that hackers will not be able to read or interpret the information.

So, if you want to ensure that your website is secure, then it is best to get in touch with reliable SSL Certificate providers to buy a digital certificate. Here are a few effective ways that will help you to bolster your SSL security.

Install The Site Seal

Most website admins and business owners might probably know that SSL certificates come with a site seal. If you are not aware of this, then you should note that the site seal will contain the name of the certificate issuing authority.

The website seal that comes with the certificate indicates that a reliable and professional third-party authority has issued and verified the identity of your business.

Businesses that place the website seal at the exact place on the website will be able to easily remind visitors that you are a trusted entity with whom you can do business.

Implement HSTS

There is no point in purchasing and installing an SSL certificate if your site is still available over the HTTP protocol. This is why businesses must direct users to HTTPS instead of HTTPS. If you are wondering how to do it, then HSTS (HTTP Strict Transport Security) is the solution you are looking for.

HSTS serves the crucial purpose of preventing your website from protocol downgrade attacks and cookie hijacking. HSTS forces internet browsers to make connections only over HTTPS.

Generate A CAA Record

If you already have a preferred Certificate Authority and if you only want them to issue TLS/SSL certificates, then you should be looking at certificate authority authorization (CAA). You will need to generate a CAA record for your website.

Once you have done that, no other certificate authority (other than the ones you allow) will be able to issue SSL certificates for your site. This will help you avoid the chance of mis-issuance from both your and CA’s side.

Wrapping Up

SSL certificates are great when it comes to offering adequate protection for your website. That said, SSL certificates should not be considered as a one-stop solution. This is mainly because SSL certificates facilitate the encryption and offer authentication for data-in-transit.

This means that SSL certificates encrypt data when it is transmitted back and forth between the server and the browser. This type of transmission is critical when securing the sensitive data of users such as passwords, credentials, and credit card details.

Unfortunately, this is not enough to get ahead of hackers and cybercriminals. This is why you should implement a comprehensive security strategy for your website. The above-mentioned tips will help you to bolster your SSL security.

11 Best Practices for Best Firewall Settings

George Mutune
-
0
11 Best Practices for Best Firewall Settings

Typically, best firewall settings include action components that decide if a firewall will permit or block traffic based on a match feature. For instance, if the traffic meets the rules specifications, then it connects to the network. That way, organizations can leverage the firewall to block presumably malicious traffic in public networks from getting to internal networks.

It is vital to consider potential security threats when modifying firewall rules to prevent unforeseen issues. We have put together a list of the best practices for fine-tuning your firewall settings to help you maximize the security tool’s effectiveness. It is necessary to understand that the exact procedures for modifying your firewall settings differ based on the firewall make and model, as well as whether it is a software or hardware-based firewall tool. However, regardless of the firewall technology in use, following these best practices will help you get the best out of your solution.

1.     Document the Firewall Rules

Unquestionably, an organization has thousands of firewall rules and policies crucial to its performance. Furthermore, not all rules are mutually exclusive, and some directly affect another set of rules. The simplest mistake can, in this case, trigger a massive security loophole that allows malicious traffic to sneak in while blocking legitimate traffic. In effect, it is vital to document all firewall rules for enhanced security and optimum performance.

Organizations need to document every firewall rule to establish the rule’s actions. Documenting existing and any new rule involves tracking information such as the rule’s purpose, the affected application and web server, the affected users and devices, the date the rule was created and the expiration date, if applicable, and the rule’s author.

2.     Establish a Proper Firewall Rule Change Procedure

After documenting your firewall rules, it is crucial to create a formal change procedure. By and large, you will need to update your specific rules and overall firewall policy for any new services, servers, devices, or users added. Before making any changes, an organization should establish a formal change procedure that outlines the change request process for users or devices requiring modifications to specific configuration changes. PSI DSS Guide recommends that security administrators plan the process of adding, changing, or deleting firewall rules so that the performance of the existing ruleset is not adversely affected.

Additionally, the procedure should feature a formal review process for analyzing new modification requests and establishing the best course of action for security rules and practices. You can also add a way of testing the new change requests on the production firewall rules and default settings. On top of that, the security rules change document should provide detailed information on ways to deploy the tested now modifications into production and a process to validate that the new settings are operating fittingly. Finally, there needs to be a method to ensure you track and document all changes.

3.     Ensure Your Firewall is Secure

Securing your firewall is a significant first line of defense in configuring and managing a secure firewall. Always ensure that your firewall is not performing unsafe actions properly. PSI DSS Guide lists the basis firewall security steps as follows:

  • Disable the simple network management protocol (SNMP)
  • Rename, disable or delete any default user account
  • Change all default passwords
  • Create additional administrator accounts based on responsibilities for multiple personnel who will manage the firewall

4.     Default Block Behavior

Security experts recommend that you start by blocking all traffic and unauthorized access by default and only allow specific traffic to identified applications and servers. This default configuration sets a baseline control over the traffic and downplays the likelihood of a cyberattack. Markedly, you can achieve the default block rules behavior in firewalls by configuring the last rule in access control lists to block traffic. You can then add explicit firewall rules to modify the configurations based on the platform.

5.     Set Explicit Firewall Rules after Default Block Behavior

Set the most explicit firewall rules at the top of the rule base. The rules act as a starting point for matching traffic by managing what the firewall permits or blocks. A rule base classically works on a top-down protocol, with the first rule in the list performing the initial action. In this case, if the first rule permits the traffic, the remaining rules will not assess it again.

In most cases, standard regulation authorities such as PCI DSS, NIST, ISO, SANS, and NERC guide security administrators to evaluate network security from a firewall configuration perspective. As an example, SANS Institute’s Security Consensus Operational Readiness Evaluation Firewall Checklist provides the following order that you can adopt during the firewall setup:

  • Anti-spoofing filters – blocked private addresses and internal addresses appearing from the outside
  • User permit rules – for example, allow HTTP to public webserver
  • Management permit rules – for instance, SNMP traps to the network management server
  • Noise drops – as an example, discard OSPF and HSRP chatter
  • Deny and alert – alert systems administrator about suspicious traffic
  • Deny and log – log remaining traffic for analysis

Since firewalls operate on a first-match basis, it is essential to follow a structure such as the one recommended by SANS to ensure that suspicious traffic is blocked instead of inadvertently allowing them in by failing to follow the correct rule order. 

6.     Set Cleanup Rule/ Explicit Drop Rules

Properly configured firewalls designedly drop all blocked traffic. You can place a cleanup rule at the bottom of each security zone context as a safeguard to stop unauthorized traffic from passing through the firewall. You can define the cleanup rule (any-any-any drop rule) that provides a catch-all mechanism as follows:

              Source = ANY

              Destination = ANY

              Service/Application = ANY

              Action = DROP

              Logging = Enabled

7.     Modify Accept All Rules

The “Accept All” rule can cause traffic to block a process or system from reaching its full productive potential. Therefore, it is essential to remove it from your firewall policy and only allow legitimate IP addresses to private networks connections.

8.     Audit Logs

Customarily, security tools like Windows firewall come with built-in reporting tools that provide detailed information about your network traffic. So naturally, the tool generates firewall logs for auditing any changes or anomalies that might require modifications to firewall settings. Better yet, maintaining audit logs can also help in firewall optimization.

PSI DSS Guide states that firewall audit tools automate analyzing complex and bloated rule sets to validate and demonstrate enterprise access controls and configuration change management processes. eSecurity Planet also notes that some of the most advanced tools include artificial intelligence or machine learning capabilities that can help you spot essential details that you might have otherwise missed. In this case, logs provide data that show unused or activated firewall rules. Log data also reveals false positives on traffic that was not supposed to trigger an alert. Overall, audit logs present vital information that guides changing firewall rules to improve service and enhance security.

9.     Maintaining Firewall Rules

Networks constantly change by gaining new services, devices, and users. Consequently, organizations need to add or review firewall rules to allow access to new services and applications. Sometimes the process involves deleting old firewall rules. All things considered, it is a best practice to establish a regular maintenance schedule to make updated changes to the firewall policy.

PCI DSS requests actions like deleting any unhelpful and unused firewall rules and expired ones to clean up your firewall policy. Additionally, the regulation recommends disabling unused connections and source/destination/service paths in firewall rules. Security administrators should also apply object naming conventions that make the rule base easier to understand.  

10. Patching / Updating the Firewall

Always keep the firewall updated with the latest patches and firmware. Failure to update the security tool leaves it vulnerable to attacks and renders firewall rules useless. Next-generation firewall vendors regularly release software updates to address new potential security threats by making minor changes to the solution. Subsequently, it is essential to keep updating your firewall software to ensure your IT environment is secure with no potential security gaps.

11. Automating the Firewall

Organizations embrace new technologies that require constant updates to firewall rules. Apart from that, network administrators manage several applications, servers, devices, and users, requiring different new rules and modifications of existing ones. As a result, IT personnel may get flooded with many requests requiring time and resources to analyze and determine the best course of action. Such constraints can lead to outdated, unused, unaudited, and overly permissive firewall rules, which downgrades firewall performance and can result in increased cyberattacks.

Fortunately, an automation solution for firewall configuration updates can help follow the established firewall rule change procedures. In addition, eSecurity Planet reveals that automation typically enables you to prevent mistakes and avoid firewall failures. Better yet, the solution allows administrators to perform higher-level functions necessary for increased security. 

Conclusion

Ultimately, these best practices for firewall configuration guide you in setting a security mindset and maintaining a secured network and system. In any business, firewall configuration changes are vital to network security, and it is indispensable to streamline rule changes and remove configuration gaps. Besides that, it is crucial to record all configuration changes in real-time and generate logs or trigger notifications whenever a security administrator modifies a rule.

In effect, security personnel must strike a balance between the need for enhanced security and the need for fast performance when configuring network firewalls. This article articulates steps they can take to fine-tune their firewall rules to achieve an ideal balance between security and speed.

VoIP Considerations

Donald Korinchak, MBA, PMP, CISSP, CASP, ITILv3
-
0
VoIP Considerations

Voice over Internet Protocol (VOIP) was initially developed to reduce the cost of long-distance and international calling.  At the time of its development in 1995, any phone call outside the caller’s local calling area would incur per-minute costs from the caller’s local phone service provider.  The only alternative was to purchase a costly service bundle that included local exchange and toll calling for a single charge (FCC, n.d.)  Such service bundles would allow for an expanded calling area but did not include long-distance toll calls and international calls.  The development of VOIP allowed consumers and businesses to bypass the traditional phone providers to use their computers instead of landline phones.  The primary complaint of VOIP calls in that era was the disappointing voice quality resulting from the low bandwidth provided using Digital Subscriber Line (DSL) over traditional twisted-pair copper phone lines and other similar early network configurations.  As the data networks evolved to provide higher bandwidth capabilities, the use of VOIP expanded and became a widely accepted solution.  The introduction of Skype in 2003 was a “real world” use of VOIP that propelled the advancement of VOIP technology.  By 2005, Skype added video chat and other features that further drove its growth.  Session Initiation Protocol (SIP) is a protocol that is used in most implementations of VoIP).  SIP is used to establish the communication session, manage the signaling and terminate the connection.  SIP, however, is not limited to VoIP applications.  Along with voice, SIP is used for other communications, including video and chat.

Advantages of VoIP

While the development of VoIP initially had the objective of reducing calling expenses, the technology has enabled many new communications capabilities and flexibility that is not feasible using traditional telephony technology.  However, cost reduction remains a primary advantage of VoIP when compared to other technologies.

Portability is another advantage of VoIP technology.  Since the communications sessions are transmitted over the Internet, VoIP can be used anywhere that there is an Internet connection.  Many businesses who use VoIP have taken advantage of this advantage during the COVID pandemic.  Since much of the workforce was required to shift from working in offices to working from home, VoIP was instrumental in this transition.  Communications using VoIP allow the employees to communicate from home in the same manner, they did from the office.  VoIP made this shift to remote work relatively seamless.  Without VoIP, such a rapid work environment change would not have been feasible.  The portability of VoIP has been a driving force in the ability for employees to work in decentralized locations all over the world.

VoIP services also offer more features than traditional telephony services.  All conventional services are available, including call forward, call waiting, caller ID, call transfer, etc.  VoIP, however, can offer services such as call queues and the ability to place callers on hold without the extra expense of an in-house private branch exchange (PBX) system and multiple phone lines.  Beyond this, VoIP providers integrate conference calling, video conferences, chatting, and other types of communications into their unified communications offerings.

As stated above, the adoption of VoIP was slow due to bandwidth constraints in the 1990s.  Bandwidth constraints are no longer an issue in many parts of the world.  Today, one of the advantages of VoIP is that it provides superb voice quality that is as good or better than traditional telephony services.

Disadvantages of VoIP

A disadvantage of VoIP is that it relies on a computer or device that requires external power.  A power outage will disrupt your communication until power is restored.  This is why many businesses and some homes continue to have Plain Old Telephone Service (POTS) lines available as a backup to VoIP.  POTS lines do not require an external power source to operate.  The copper pairs that are used to transmit the voice single also carry the voltage to power the communication.  Unlike VoIP, POTS lines will continue to operate during power outages.  Telephone providers house the equipment that is required for POTs lines in local facilities called Central Offices (CO’s).  Each CO is equipped with Uninterruptable Power Supplies (UPS) systems that include battery racks that power the phone lines during outages.  COs that service highly populated metropolitan areas also have backup generators that can power the phone lines during extended power outages. 

While the quality of VoIP is no longer a widespread problem, there is still the concern that VoIP relies on network connections.  If there are network performance issues, the result can be evident during VoIP communications creating quality issues such as resonance, delays, and background noise.  Performance issues can be addressed by ensuring that there is plenty of bandwidth available.  Rural areas and areas with limited internet bandwidth availability may not be able to implement VoIP without experiencing quality issues.

Sip Trunking

SIP trunking breaks down the voice or data into digital packets and sends them across the network (known as packet switching).  I have had the opportunity to manage the implementation of SIP trunking at large organizations and have seen the importance of proper configuration and quality of service (QoS).  QoS is a set of technologies that work on a network to guarantee its ability to dependably run high-priority applications and traffic under limited network capacity (What is QoS, n.d.). Tier 1 QoS is required for SIP trunking because this protocol is susceptible to throughput, jitter, latency, and errors.  VoIP, video conferencing, and other communications applications that are provided over SIP are very sensitive to the effects of network quality and require Tier 1 QoS.  The user experience of other applications such as web browsing and email is not impacted as much by QoS and can work at lower QoS tiers.

Session Initialization Protocol (SIP) trunks provide a widely acceptable and standardized method to get at least basic connectivity between a wide range of different call control solutions, including both voice and video (Hattingh, et al., 2010).  SIP is a commonly-used protocol for VoIP, video conferencing, and other communications services and replaces traditional phone lines and PBX systems.

I have encountered one issue that SIP trunking does not handle well.  The transmission and receiving of faxes are problematic for SIP. Particular codec (compression) settings are implemented with the intent that they can handle fax calls.  In reality, fax calls are not reliable over SIP.  If an organization needs to send and receive faxes (some still do today), a POTs line should be implemented.

References

Local, local toll, and long distance calling. (n.d.) FCC. Retrieved October 31, 2021 from  https://www.fcc.gov/consumers/guides/local-local-toll-and-long-distance-calling

Hattingh, C., Sladden, D.,Swapan, Z. (2010) SIP trunking Cisco Press.

What is quality of service?. (n.d) Paloalto Networks. Retrieved October 31, 2021 from https://www.paloaltonetworks.com/cyberpedia/what-is-quality-of-service-qos

8 Best Firewall for Android Options

George Mutune
-
0
8 Best Firewall for Android Options

Using the best firewall for Android devices is essential in today’s threat environment. Android operating system commands the lion’s share of mobile users globally as of September 2021, accounting for 72.44% of the mobile operating systems market globally. The closest competitor, iOS, has a market share of only 26.75%. Additionally, 80% of the more than 313 million smartphones and tablets shipped between April and July 2021 were running the Android OS.

Undoubtedly, Android is the most popular OS on the planet. The popularity hinges on the OS’s open-source nature, which permits popular mobile phone manufacturers, including Huawei, Samsung, and Xiaomi, to run their devices.

However, the popularity of Android devices exposes users to numerous online risks. For example, Check Point researchers recently discovered cloud misconfigurations that allow misuse of storage, notification managers, and databases. The misconfigurations exposed the data of more than 100 million users, including passwords, names, and email addresses, while causing corporate resources to be vulnerable to attacks. More concerning, recent research found that at least 60% of Android apps are vulnerable to multiple attacks, with the average number of security flaws totaling to 39 per app.

Why Do You Need the Best Firewall for Android Devices?

The security approaches of computers and Android devices are different, and most people don’t regard a firewall application as critical in securing a mobile device. On the contrary, installing a firewall on an android smartphone provides users with full control over apps with internet access to protect mobile data from attacks. Besides, a firewall application permits users to determine android apps that can access and use an android phone network, enabling monitoring of app data usage.

In addition, using the best firewall apps allows you to restrict background data when connected to an internet connection, which extends a device’s battery life. Also, for android games that require an internet connection, you can use a firewall to block annoying ads by preventing the apps from accessing the internet. Ads can be annoying since they pop up every other time.

More importantly, any android device is susceptible to breaches and attacks. As a result, it is pertinent to take recommended precautions to secure personal information stored in android mobile devices by using one of the best firewall for Android Devices options. Enabling the advanced features that come with android firewalls is the right step towards protecting against potential cyber-attacks and breaches. Enabling a firewall app allows users to control the data that specific apps can share or apps that can access the internet.

Lastly, similar to firewalls installed in a network or computer, an android firewall acts as a gatekeeper. Hence, an android firewall can filter network traffic to block malicious traffic from entering your device. That implies that a firewall can help filter incoming traffic and outgoing traffic to prevent harmful network interactions.  

Enable a Firewall in Three Easy Steps

An android firewall allows users to control app interactions with external networks to safeguard data and applications. Fortunately, there are numerous firewall applications to choose from, with each app boasting additional features designed to offer you complete privacy. You can enable a firewall in three easy steps, which are:

  1. Identify the most suitable firewall app: Different firewall applications provide different functionalities and features. Therefore, the first step should be identifying a suitable firewall app that addresses your security issues. A search of firewall apps on the Google Play Store can provide some excellent choices.  
  2. Does your phone require root access? Mobile phones running earlier versions of Android need root permissions to install some firewall apps. In addition, rooted android devices provide super-user privileges where users can write or read system files or modify system configurations.
  3. Install the firewall app of choice: Once you identify a suitable app, install it and accept the necessary permissions, create a VPN connection if required, and configure the firewall to ensure optimized protection.

Best Firewall for Android Devices

1.      AFWall+

AFWall+ is one of the android firewalls that require root access. It is a root firewall app that enables users to control their device’s internet activities better. For example, you can use AFWall+ to control internet access for each app despite whether it is an installed or system app. Notable best features of AFWall+ firewall include the ability to:

  • Export profile settings, preferences, and firewall rules
  • Hide applications
  • Lock and password-protect AFWall+ configurations
  • Support profiles for multiple users
  • Support tether, VPN, and LAN

2.      NoRoot Data Firewall

NoRoot Data Firewall has a clean and simple interface. The firewall’s default configurations notify users once a particular app tries to connect to the internet. Hence, you may decide whether to permit or deny an app from accessing internet traffic. In addition, NoRoot Data Firewall offers access control capabilities where users can control access of individual apps, default mobile data or internet usage, and app behavior when connected to wireless networks.

Moreover, NoRoot Data Firewall logs the network activity of each app and allows users to analyze the IP addresses or websites a specific app connects. Additional features include the ability to block access to IP addresses or individual domains, prevent images from loading to maximize data usage, capture packets, modify DNS server, and throttle bandwidth.

3.      VPN Safe Firewall

As the term implies, VPN Safe Firewall is one of the best firewall for android options that protect a user’s online activities. It has an inbuilt virtual private network that encrypts traffic to prevent access from prying eyes. Also, VPN Safe Firewall comes with added functionalities designed to minimize data usage and preserve battery life. VPN Safe Firewall has a simple user interface that enables configurations per-app basis. Moreover, VPN Safe Firewall notifies users by default once an app attempts to establish an internet connection. VPN Safe Firewall is a free app designed to work with different networks, including LTE, WiFi, 3G, and 4G networks.

4.      NetPatch Android Firewall

NetPatch Android Firewall does not require root access to protect your device. Similar to most android firewall apps, NetPatch Android Firewall permits users to block or allow any IP address, Hostname, or network-based app. In addition, NetPatch Android Firewall stands out from most firewall apps since it enables users to customize each app how it can interact with the internet, even when a device’s screen is turned off.

NetPatch Android Firewall also supports ShadowsocksR and Shadowsocks proxies, a capability not present in most android firewalls. You can use NetPatch Android Firewall as a free app or access premium functions by making in-app purchases. Some advanced premium version features include supporting CIDR network addresses, creating IP or domain groups, blocking apps from accessing specific domain names, and viewing network logs.

5.      Mobiwol NoRoot Firewall

Mobiwol firewall app permits users to prevent individual android applications from accessing the internet via mobile data connection or WiFi networks. Lack of complicated settings and ease of use are some of the factors that make Mobiwol appeal to most android users. Essentially, you can configure the system apps or installed apps that can access the internet by just selecting them.

Mobiwol firewall further notifies users of each app’s data usage to inform whether to restrict some apps from using more data. If the apps use data to the set limit, Mobiwol prevents further internet access or the use of mobile data. The app provides valuable features without the need to configure confusing or advanced options.

6.      InternetGuard Data Server Firewall

InternetGuard Data Saver Firewall is one of the most helpful android firewalls used to block outgoing and incoming internet traffic. While it is a relatively new app on Google Play Store, InternetGuard Data Saver Firewall protects user devices efficiently since it can block all network traffic with a single tap.

Moreover, InternetGuard Data Saver Firewall is easy to use as it lacks complicated configurations or settings present in most firewall apps. InternetGuard Data Saver Firewall also provides numerous advanced features designed to enhance android device security posture. For example, you can protect your privacy by using the no tracking of user data. It also supports various network protocols, among them being UDP, TCP, IPv6, and IPv4 protocols.

7.      NoRoot Firewall

NoRoot Firewall is one of the best Android firewall apps for unrooted mobile devices. It is a feature-rich firewall app that provides users with complete control of device applications. Specifically, NoRoot Firewall enables users to determine the applications that access an internet connection or restrict the access.

Besides, you can gain more nuanced control using NoRoot Firewall by selecting individual apps permitted or prohibited from accessing the internet using mobile or WiFi data. Additional features include blocking access to specific IP addresses and websites. On the downside, NoRoot Firewall does not support IPv6 network protocols and may, therefore, not work on devices using the LTE network connection.

8.      LostNet NoRoot Firewall

LostNet NoRoot Firewall provides numerous which you can configure over a simple and easy-to-use interface. The firewall app enables Android users to not only prevent apps from connecting to the internet but also restrict apps from accessing specific regions or countries. Similar to most non-root firewalls, LostNet NoRoot Firewall manages network traffic through a local VPN. Therefore, LostNet NoRoot Firewall can protect an android device from harmful websites and domains by blocking ad popups.

One of the reasons most users consider the LostNet NoRoot Firewall as a perfect solution is that you can prevent apps from connecting to the internet at specific times. Additional useful LostNet NoRoot Firewall features include network traffic monitoring, the ability to capture data packets for analysis, support profiles of different users, instant notifications and alerts, and the power to prevent apps from accessing untrusted networks. However, LostNet NoRoot Firewall is not a free app, and users must part with approximately $0.80 to access the premium version.

Open-Source vs. Closed-Source Software, what’s Best for You?

Donald Korinchak, MBA, PMP, CISSP, CASP, ITILv3
-
0
Open-Source vs. Closed-Source Software, what’s Best for You?

We are living in an age of technology and automation where software products have become an integral part of our day-to-day lives. The software can be divided into many types, but the two main categories remain open-source and closed-source.

This article will compare two types of software based on development, support, flexibility, cost, and cybersecurity.

Before the comparison, let’s first build an understanding of what open and closed-source software are.

Open-Source Software

In open-source software, the source code is available to every user. Users can read, copy, delete, or modify the code or parts of it. Users can also use a portion or all of the code to make a program of their own. The Android operating system is a prime example of open-source software.

Closed-Source Software

Closed-source software is the exact opposite of that. The source code of this type of software is encrypted and out of the access of common users. The user is unable to delete, edit, modify, or otherwise change the code. If they do it, it can have implications ranging from voiding warranty to legal complications. An example of this is the iPhone’s iOS.

If you want to decide which one would be the best for you, here is a comparison of various aspects of both, and at the end we’ll conclude the discussion, suggesting which one you should use.

Development

A designated team of developers develops closed source software. This team is responsible for developing, securing, and providing support for closed-source software. It is the team’s discretion to continue updating and providing support for the software or not.

Open-source software is developed and released by a team and is open to improvement and updates through ‘mass collaboration.’ Anyone can add features or update the software, and these improvements keep coming as long as the community is active.

If we compare open-source and closed-source software with the development point of view, open source has an edge. The updates, improvements, and support for closed-source software will end when the team decides to pull the plug on the project. In the case of open-source, you can keep getting updates for a longer time. Even if the community is no longer contributing, you can get the services of a developer or improve the software on your own.

Security

The security aspect is the most debatable one among closed-source software. As you do not have access to the source code, you cannot determine how secure closed-source software is. There can be flaws in the security of the software that the developers might have overlooked. In extreme cases, if the software is not from a reputable source, it can have intentional features to compromise your security. The security of closed-source software is only as good as the reputation of the team behind it.

Open-source software has its problems related to security. Anyone who can contribute to the code means that anyone with bad intentions can rig the code with unsafe components. However, if someone does this, other community members can quickly identify such abuse, and the issue can be rectified.

In short, the security aspect looks like this: closed source is only as secure as the reputation of the company developing it, and open source’s security depends on how active the community surrounding it is. However, the solution to the security shortcomings of open-source software is SCA Tools. You can use these to ensure that the code does not contain anything that can be a potential security threat.

Support

Like any commercial product, closed-source software comes with complimentary support. If you face any issue, you can contact the support team via call or email, and they will respond and fix the problem for you.

In the case of open-source security, there is no official or dedicated support team if you encounter any problems. However, that does not mean you cannot get support. Popular open-source software typically has thriving communities and forums where you can discuss your problems with fellow software users.

Regarding support, closed-source software has an advantage. There is a well-built structure, and dedicated support teams are there to provide you with all the support you might need during the use of the software.

Flexibility

Closed-source software is only as flexible as the developers have made it to be. You cannot change the core functions as they are limited to what was programmed by the developers. The only flexibility in this kind of software is on the front-end in the form of customization and personalization. iOS, for example, lets you change the wallpaper and home screen layout, but you cannot modify it to use on devices other than the iPhone.

If you try to change the core functions, it can void the warranty of the software product or even have legal implications.

Open-source software, on the other hand, is built around the idea of flexibility. Having access to the source code lets you modify and even add functions to the software. Android, for example, offers users to make custom versions of it for different devices and modify functions as much as they need.

Flexibility is an area where closed-source is way behind open source. Open source is way more flexible and scalable as compared to closed-source.

Cost

Closed-source software can follow many pricing models, but the most common ones are subscription and upfront cost. This cost gives you a limited set of rights on the software. You can use it only according to the end-user licensing agreement (EULA). Having paid for the software does not mean you can get access to the source code.

Open-source software does not have any direct costs associated with it. The software itself is free, but if you want additional features or support from third-party developers, you’ll need to pay for that.

Considering the cost, open-source makes economic sense if you have a large-scale application, and closed-source is better for limited or personal use.

Which one is the Best for You?

If you are looking for something flexible, scalable, and cost-effective, open-source is the way to go. If you have a particular use case and do not want to get involved with how the software works at the backend, you’ll be better off with closed-source.

Wireless Network Security Considerations

Donald Korinchak, MBA, PMP, CISSP, CASP, ITILv3
-
0
Wireless Network Security Considerations

The increasing proliferation of wireless networks in businesses, public places, and private homes, along with the widespread use of smartphones, tablets, computers, and IoT devices, has resulted in a vastly increased attack surface for malicious actors.  Security in both business and non-business environments is essential for the protection of valuable data and personal information.  While businesses and organizations invest significantly in wireless network security, security in-home wireless networks are often not considered.  Both business and home networks face the same risks related to wireless networks.  Some of these risks include piggybacking, wardriving, evil twin attacks, wireless sniffing, unauthorized computer access, shoulder surfing, and theft of mobile devices (Securing wireless networks, n.d).  Some general best practices security concepts for wireless networks include strong passwords policies, encryption, the use of appropriately configured firewalls, restriction of access using Mac Address Filtering (Cisco), and ensuring that software is up to date.

Encryption

All wireless networks should be secured by effective encryption standards.  Older versions of wireless encryption such as WEP and WPA should not be used because they are easily hacked using widely available key cracking tools.  Both home and business wireless networks should use WPA2 or WPA3 encryption to secure their data.  WPA2 uses strong Advanced Encryption Standard (AES) encryption and effectively protects data transmitted over wireless networks.  However, WPA2 can be vulnerable to password attacks such a Dictionary Attacks and Password List attacks.  Dictionary attacks use automated software to quickly try thousands of common passwords to access the wireless network.  Password List attacks are similar to Dictionary Attacks, but they use lists of common passwords available on the Dark Web.  WPA3 is the latest developed standard for wireless encryption (Wireless security protocols, n.d.).  WPA3 also uses AES encryption and has protections that prevent Dictionary and Password List attacks. 

Wireless piggybacking is a wireless attack that can be mitigated using encryption.  Piggybacking is when unauthorized users connect to the wireless network. This real-world threat can occur when the network is not adequately secured using a robust encryption standard such as WPA2/WPA3.  Piggybacking often occurs when a person uses a neighbor’s Wi-Fi without permission or parks outside a business location to connect to the business’s wireless network without permission.  Encryption must be paired with a strong password to ensure effectiveness.  The use of strong passwords can be an inconvenience to users.  Therefore, users often create passwords that are composed of simple words that are easy to remember.  These easy-to-remember passwords are also easy to crack using tools such as Aircrack-ng and BoopSuite.  Therefore, strong wireless passwords should be used for both business and home networks. 

Firewalls

A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules (What is a firewall, n.d.).  There are two categories of firewalls: software firewalls and hardware firewalls.  Software firewalls is a program that is installed on a computer that inspects and filters data that may be malicious.  Hardware firewalls are separate devices that inspect and filter data before it gets to the network.  

Firewalls can be either stateful or stateless.  Stateful firewalls scrutinize multiple aspects of network traffic, including the context of the traffic.  These firewalls analyze the communication channels and characteristics of the data to determine what traffic is permitted.  Stateless firewalls, on the other hand, inspect the packets alone without considering the context.  Stateless firewalls are generally less expensive and are faster than stateful firewalls.

Firewalls on wireless networks can help prevent attacks such as malware and viruses by stopping this malicious traffic before it enters the network or device.  Firewalls should also be deployed on mobile devices such as phones.  Attacks in which other devices attempt to connect to a phone or mobile device can be thwarted with a properly configured mobile firewall.

Restrict Wireless Access using MAC Address Filtering

Access to wireless networks can be restricted through the use of MAC address filtering.  Since every device has a MAC address, the network can be configured only to allow connections from specifically authorized devices.  MAC address filtering enables the organizations to allow connections from devices that meet required security requirements and pre-screen for malware or viruses threats.  Organizations may even choose to enable company-owned devices and prevent personally owned devices from connecting to the network.  Restrictions such a these can be a powerful method to reduce the attack surface of a wireless network.

Wireless Network Design

The wireless network should be designed to limit the ability to access the network from outside an organization’s workspace.  Wireless networks must meet the users’ needs but can also be configured to restrict the ability of intruders to gain access to the wireless signal.  This can be accomplished by positioning the wireless access points in the center of the building or strategic locations within the workspace and adjusting the signal strength so that the wireless signal does not reach outside the building. 

SSID Broadcasting

The Service Set Identifier (SSID) is the broadcasted name of the wireless network.  It is common for manufacturers to use the same SSID for all wireless routers that they produce.  Therefore, it is essential to change the default SSID so that the router manufacturer is not disclosed.

SSID broadcasting can be disabled so that the network is not discoverable.  This can be helpful because it will prevent the causal user from attempting to connect to the network.  However, disabling the SSID is not a real security measure because it does nothing more than hiding the network name.  The network is still easily discovered using Kismet or other programs that look for available networks without SSID broadcasts.

References

 Securing wireless networks. (n.d.). Cybersecurity & Infrastructure Security Agency. Retrieved October 25, 2021 from https://us-cert.cisa.gov/ncas/tips/ST05-003

Wireless security protocols, (n.d). Cisco. Retrieved October 25, 2021 from https://ipcisco.com/lesson/wireless-security-protocols/

What is a firewall?. (n.d.). Cisco. Retrieved October 25, 2021 from https://www.cisco.com/c/en/us/products/security/firewalls/what-is-a-firewall.html

3 Powerful Elliptic Curve Cryptography Encryption Advantages

George Mutune
-
0
3 Powerful Elliptic Curve Cryptography Encryption Advantages

Elliptic curve cryptography encryption is a modern public key cryptographic system that is widely popular because it is more efficient, faster, and smaller compared to most cryptographic solutions. ECC is based on the elliptic curve theory that enables the creation of more efficient cryptographic keys. In addition, ECC’s asymmetric encryption has smaller key sizes making it lightweight.

Understanding ECC

Existing public encryption methods, including RSA and Diffie-Hellman, generate large numbers requiring high computational power. Therefore, they need vast resources to encrypt applications and may be unsuitable for use in resource-constrained mobile applications. The use of elliptic curves enables the creation of keys that are more efficient and faster. With ECC, the elliptic curve equation features generate mathematically robust and complex keys that provide a higher level of security. In addition, elliptical curve cryptography uses shorter key lengths that provide robust protection and are thus effective for securing mobile applications.

Applications of ECC

ECC encryption is one of the widely used application methods for digital signatures for popular cryptocurrencies like bitcoin. The cryptocurrencies utilize the Elliptic Curve Digital Signature Algorithm (ECDSA) key for cryptography purposes and signing transactions. Elliptic curve cryptography is applied in digital signatures using ECDSA key during key pair and key exchange. Also, different parts of SSL standards use ECDSA signing SSL certificates because of the low resources used. Other applications of ECC include:

  • Proving ownership of cryptocurrencies like bitcoins
  • Securing internal interactions and confidential data of the US government
  • Maintaining and preserving anonymity for users using the TOR project
  • Providing encryption signatures in Apple’s iMessage communication service
  • Enable secure web browsing

Is ECC Different from Other Public Key Encryption Methods?

Organizations use ECC cryptographic algorithms for similar reasons as to why they would use RSA algorithms. For example, both RSA and ECC generate a private key and a public key infrastructure to enable two users or devices to communicate securely by exchanging a shared secret. However, the ECC public key encryption techniques have some benefits over RSA and other encryption methods. For example, a 256-bit ECC key provides almost an equivalent security level as a 3072-bit RSA key. Also, the elliptic curve cryptography algorithm permits systems with constrained resources, such as computational power, to utilize approximately 10% of the bandwidth and storage space that RSA algorithms would require.

Since ECC is based on the elliptic curve theory, it uses the properties of the elliptic curve equation to generate encryption keys. The approach contrasts with the traditional method of generation, where public-key cryptography algorithms generate large prime numbers. Other public-key cryptographic methods, such as Diffie-Hellman and RSA, can be used with the ECC encryption technique. Research shows that ECC cryptographic systems provide a level of encryption and protection using a 164-bit key, while other systems would require a 1,024-bit key to offer the same level of security. Because ECC security systems use small keys to provide high protection with lower battery resource usage and computing power, it is a preferred method for protecting mobile applications.

ECC Trapdoor Function

The ECC trapdoor function is one of the primary reasons the elliptic curve key is more effective and different than the RSA cryptographic key. The trapdoor function is a mathematical algorithm used in the ECC encryption method. The algorithm involves the hops needed to get to a various set of points and works as follows:

  1. First, you start on an arbitrary point on an elliptic curve and use the dot function to locate a new point.
  2. When you start at A:
  3. A dot B =-C (connect points A and B with a line that intersects at -C).

Source Ars Technica

  • Reflect from –C to C across the X-axis and A dot C = -D (connect A and C with a line that intersects at -D).

Source Ars Technica

  • Reflect from –D to D across the X-axis and A dot D = -E (connect A and D with a line that intersects at -E).

Source Ars Technica

  • Reflect from –E to E across the X-axis.

This is a good trapdoor function because if a user knows the starting point (A) and the hops needed to reach the ending point E, it is simple to locate the ending point. However, if the user only knows the starting point and ending point, it is challenging to determine the number of hops needed. The same approach applies in ECC cryptography, where the public key cryptography is the starting EC point A to the ending EC point E, and the private key is the number of hops needed to get from A to E.

Advantages of Using ECC

ECC keys are smaller and more efficient compared to those of RSA and other public cryptographic methods. Thus, elliptic cryptography using public-key encryption is easier to process but challenging to reverse. In contrast, RSA encryption is based on the theory that a product of multiplication of large prime numbers is simple but factoring the product to go back to the original prime numbers is challenging.

In this regard, the usual 256-bit ECC key size is equivalent to a 3072-bit key length. The use of smaller, simpler, and more efficient ECC keys places ECC cryptography at an advantage. It is better than RSA cryptographic methods with the ability to consume fewer resources and less energy in small mobile devices.

Furthermore, ECC encryption is usually used together with Diffie-Hellman to enhance performance. ECC encryption does not perform RSA’s functions of communication and authentication, but it generates the ephemeral DH session key through the assistance of an elliptic curve private key. The associated SSL cipher suites contain the ECDHE-RSA encryption that complements DHE-based cipher suites.

The primary benefit of the elliptic curve cryptography used in conjunction with Diffie-Hellman (ECDHE-RSA) over using a plain Diffie-Hellman (DHE-RSA) is it has optimized performance, provides a similar level of protection but with lesser keys.

While there may be concerns regarding implementing ECC certificates, which include a source of random numbers for making signatures, the benefits of elliptic curve cryptography outweigh those of the traditional RSA algorithm. Besides, emerging technologies like quantum computing place traditional public encryption methods at risk of being compromised, leaving ECC encryption as a viable replacement option.

RFID Security Vulnerabilites

Donald Korinchak, MBA, PMP, CISSP, CASP, ITILv3
-
0
RFID Security Vulnerabilites

As with any other wireless technology, RFID is prone to security vulnerabilities. RFID tags can be counterfeited, spoofed, sniffed, and even carry viruses that infect RFID readers and their associated networks. Imagine that your organization has decided to adopt RFID tags to improve supply chain management. What are at least three methods that could be used to secure the RFID tags better?

There are security risks associated with wireless technologies, and (Radio Frequency Identification (RFID) tags are no exception. These security risks include viruses, replay attacks, spoofing, RFID sniffing, tracking, and other attacks. Organizations should implement security best practices to mitigate these risks when adopting RFID tags to improve supply chain management.

RFID tags are vulnerable to virus attacks. RFIDs connect to backend databases that may contain valuable data. The RFIDs have code known as “Middleware” that enables communication and data management. This middleware connects the RFID and the database together (Microsoft). Middleware is often composed of many lines of code that may contain vulnerabilites that hackers could exploit to access the backend database. Mitigation steps against RFID virus attacks would include code reviews to identify vulnerabilities. In addition, organizations should have a robust patch management plan in place so that the database software is kept up to date.

Sniffing attacks are a concern for RFID tags. In this type of attack, the attacker reads the RFID signal using a device that acts as an RFID reader. The fake reader captures the data from the RFID tag that the attacker may use for malicious purposes. This type of attack can be mitigated using encryption.

Malicious actors can also track RFID tags. Tracking attacks give the attacker information about the movement and location of the RFID tag (and the item to which it is attached). Tracking attacks are difficult to mitigate, even if the communication between the RFID tag and the reader is encrypted. In many cases, the organization must accept this risk when they implement RFID technology. A potential mitigation to this type of attack is to implement the ability to turn the RFID tags off so that they are not constantly trackable. However, this may defeat the purpose of the RFID tags for many applications.

RFID tags can be valuable to improve supply chain management. However, RFID tags are vulnerable to viruses, sniffing attacks, tracking attacks, and the exploitation of other vulnerabilities that exist in wireless technologies.

https://azure.microsoft.com/en-us/overview/what-is-middleware/
https://www.computype.com/blog/ways-to-protect-your-rfid-data-from-security-threats

5 Tips for a Safe Online Banking Experience

Donald Korinchak, MBA, PMP, CISSP, CASP, ITILv3
-
0
5 Tips for a Safe Online Banking Experience

Partly because of physical restrictions but mostly due to convenience, online banking is now part of our daily norm. In a 2021 report, security website SecurityInfoWatch shared that online banking usage is now at an all-time high of 85%. That said, over one-third of Americans have admitted to not employing the necessary precautions online.

Though the security of online banking continues to evolve daily, the tactics and sophistication of cybercriminals are, too. With TechJury sharing that over 63% of all cybercrime is financially motivated, here are some useful tips you can practice to safeguard your online banking experience.

1. Only use secure or private Wi-Fi networks

Public or free Wi-Fi may seem tempting, but it opens you up to everyone else who can access it. Cybercriminals can intercept information like passwords, card details, social security numbers, and usernames via a public connection. So, when out and about, it’s always best practice to use your mobile data or to have a virtual private network (VPN). Otherwise, save your browsing and banking for when you’re in the privacy of your own home, using your Wi-Fi.

2. Use apps or digital wallets

Malware can be unwittingly downloaded on basically every device that can access the Internet. However, this keystroke-tracking software most often targets personal computers or laptops. As such, instead of doing your banking on the bank’s official website, you may be better off on a digital wallet or app via your mobile device. As explained by finance resource AskMoney, digital wallets are often designed to be highly secure, with the most pertinent data encrypted. Most apps and digital wallets are also enabled with extra security features, like automatic log-outs if you’ve been idle for too long. In addition, digital wallets and apps have a lower risk of being compromised even if you lose your device since you can remotely freeze or disable them.

3. Never share your personal details

As previously mentioned here on CyberExperts, identity theft is one of the most common cybersecurity threats. The banking sector is estimated to lose over $10 million to identity theft annually. To avoid this, never share or upload your banking details and personal information online. Even if you think you’re just sending your data to a trusted relative, this is now information that a savvy hacker can access. You should also be careful about the seemingly non-consequential personal information you post publicly. For instance, your social media posts about your child’s birthday or your tribute to your pet can be used to bypass banking security questions. If you must share your personal details, make sure you’re on a secure site with privacy settings enabled.

4. Sign up for regular alerts

You may find it bothersome to get alerts and notifications, but these can drastically reduce the chances of fraudulent purchases being charged to your account. By staying updated regarding your online banking transactions, you have a virtual paper trail that will show you if any unauthorized purchases or withdrawals have been made. Depending on your online banking provider, you can sign up for text or email alerts. They can also be tailored so that they are only sent to you in certain events like if a large transaction is being made or if your balance is lower than normal.

5. Enable multifactor authentication and passwords

According to online publication ZDNet, one in every 142 passwords is still 123456. In fact, a 2020 study of one billion leaked credentials revealed that seven million of these used the aforementioned password. Conversely, 99.9% of all cyberattacks have successfully been blocked by multifactor authentication (MFA) involving powerful passwords. That said, make sure your password doesn’t have any personal connection to you, is at least 14 characters long, and has a variety of letters and symbols. On top of this, you should also turn on your MFA just to add a layer of security before granting access to your account.

Online banking is safe, fast, and reliable. However, it’s not impenetrable. Hence, users are still responsible for making sure their data is safe, and cybercriminals have no gaps to squeeze through. After all, banking has always been a two-way street involving the bank and its clients.

For more cybersecurity tips and news updates, check out the rest of our content on the CyberExperts website.

The Awesome job of Cybersecurity Forensics Analysts

George Mutune
-
0
The Awesome job of Cybersecurity Forensics Analysts

Criminal investigations focused on handling and resolving cybersecurity incidents can be an uphill task. Hackers leverage advanced technologies to execute cyber-attacks, evade detection, and erase traces of their crime scenes. As a result, companies require the services of computer forensics analysts to investigate and solve complex cybercrimes. Essentially, forensic investigators assist organizations in the private sector and law enforcement agencies in criminal justice in identifying, uncovering, extracting, and documenting digital evidence following an adverse cyber incident. Specifically, forensic computer analysts work closely with law enforcement agencies to investigate criminal activities and retrieve manipulated, lost, or stolen data from digital devices.

Role of Cybersecurity Forensics Analysts

Today, almost every legal case has some form of digital element tied to the case’s investigation procedures. As such, digital forensics investigators are critical in spearheading forensics analysis for criminal cases that require the acquisition and preservation of digital evidence. Likewise, information security analysts pursue the required digital answers by applying practical experience and knowledge to extract relevant digital data. Therefore, computer forensic experts must possess sufficient knowledge of numerous computer software and hardware products, mobile devices, information systems, and networking systems.

Armed with the knowledge, computer forensics professionals can analyze the recovered data, perform forensics investigations, and use the investigation results to reconstruct how a crime unfolded. In addition, in most criminal or civil cases, computer forensics specialists appear as expert witnesses. The following are some of the roles of a digital forensics specialist:

  • Use advanced cyber forensics software to collect and preserve digital evidence from computer networks, data storage devices, flash drives, hard drives, and mobile devices.
  • Manage and track digital evidence.
  • Detect and document procedures, methods, and strategies that hackers use to commit cybercrimes.
  • Develop technical reports and briefs based on a forensics investigation’s outcomes.
  • Provide expert testimony

Why You Should Consider Cybersecurity Forensics Analysts Jobs?

The demand for cybersecurity professionals is growing rapidly due to the explosive growth of digital technologies. However, there is a persistent shortage of adequate cybersecurity forensics talent as there has been a 350% increase of open forensic specialists’ positions between 2013 and 2021. In addition, digital forensics analysts are poised to become essential in investigating targeted attacks directed towards the expanding technologies due to the continued proliferation of information, applications, and computer networks.

Furthermore, cybersecurity forensics analysts are in demand in almost every industry. A search for job listings requiring knowledge in digital forensic science reveals numerous openings in multiple companies. For example, government agencies such as the federal bureau of investigations consider the field of digital forensics as part and parcel of modern criminal investigations. Therefore, experienced information technology professionals will continue to be in high demand in the foreseeable future.

How can You Become a Cybersecurity Forensics Analyst ?

Digital forensic investigators can work for private companies or hold senior positions in government and law enforcement agencies. That said, starting a career path as a computer forensics analyst opens numerous professional development opportunities. You can become a competent digital forensics investigator in four primary steps.

  1. Complete specific education levels: Enrolling in various education programs can be the stepping stone towards becoming a certified and qualified computer forensics investigator. For example, different university degrees can provide the necessary skills to advance to more specialized forensics certifications. They include a bachelor’s degree in applied mathematics, computer science, digital forensic, computer engineering, electrical engineering, information technology, cybersecurity, among others. Also, you can aim for more advanced and senior positions by completing a master’s degree program.
  2. Focus on a specific career path: The field of computer forensics is wide with numerous specialties. Therefore, it is vital to identify and determine the most suitable entry-level positions to help you develop your career in a specific specialty. One of the effective ways through which you can identify your preferred career path is working in various digital forensics roles while developing valuable experience. Examples of information security fields you can consider plying your acquired forensics skills include software development, law enforcement, and the cybersecurity industry.
  3. Acquire computer forensics certifications: You can kiss a senior position goodbye if you don’t have relevant computer forensics certifications. Most employers require potential digital analysts to demonstrate their skills and knowledge by requiring them to possess at least one computer forensics certification. Professional certifications are a testament that you have acquired the required on-hand practical experience, and you have passed a standardized exam testing your skills and practical experience in digital forensics investigation. Currently, numerous digital forensics certifications focus on equipping different skill sets.
  4. Learn continuously: Similar to most careers in the cybersecurity industry, you must learn continuously and then learn some more to keep current and updated with new trends and forensics procedures in the computer security industry. A recommended approach for remaining updated on what’s happening in computer forensics is joining a professional organization. For example, The International Society of Forensic Computer Examiners (ISFCE) is one of the leading computer forensics associations that focuses on providing continuous education, testing digital forensics experts on their proficiency on various forensics concepts, and professional growth and development. Also, The Scientific Working Group on Digital Evidence (SWGDE) is another computer forensics-focused organization that facilitates open communication between forensics experts and industry-leading organizations to ensure their skills and knowledge are current.

Professional Certifications and Skills Requirements

As stated earlier, professional certifications are required for you to scale the ladders of different computer forensics career paths. Therefore, employers often require employees to have some of the following professional certifications:

  1. Certified Computer Examiner (ECE): It is the primary certification offered by ISFCE that seeks to develop competent cybersecurity forensics professionals. It equips skills and practical capabilities that relate to digital forensics practices.
  2. Certified Forensic Computer Examiner (CFCE): The CFCE certification program is offered by The International Association of Computer Investigative Specialists () IACIS. It demonstrates a forensics expert’s competency in various computer forensics skills, knowledge, and concepts.
  3. CompTIA Security+: It is a global certification that validates baseline skills a security professional must possess to perform basic security functions, paving the way for a career in IT security. It is an entry-level certification, and it is considered among the first every IT security professional should learn.
  4. Certified Ethical Hacker: Certified ethical hacker is cybersecurity certification provided at the intermediate level. The certification provides candidates with qualifications in penetration testing skills, which is an important tenet of an ethical hacker’s career. In addition, the certification equips learners with skills of identifying potential security vulnerabilities, risks and threats in different IT settings and infrastructures.

In addition to the professional certifications described above, computer forensics experts require a minimum of the following skills to excel in the digital forensics industry.

  • Collect digital evidence by designing and developing customized evidence acquisition procedures for different digital technologies.
  • Be proficient in applying current reverse engineering methods to understand better the modern techniques attackers use to exploit and penetrate vulnerable systems.
  • Possess in-depth knowledge of how to analyze obfuscated code and various malware variants.
  • Understand the processes and working of different operating systems, computer hardware, mobile devices, and networks.
  • In-depth understanding of different forensics tools and methods applied to collect evidential data from specific electronic devices and applications.

Adoption and Implementation of Virtualization Versus Physical Server Infrastructure

Donald Korinchak, MBA, PMP, CISSP, CASP, ITILv3
-
0
Adoption and Implementation of Virtualization Versus Physical Server Infrastructure

The Basics of Virtualization

Virtualization is the ability to run one or more virtual machines on top of one physical host (Ruest & Ruest, 2009).  With virtualization, it is easy to spin up testing, training, and development environments without the need for separate hardware.  Virtualization has been a disruptive force within the industry, and it has significantly impacted the way data centers operate.  In data centers, virtualization introduced vast efficiency and cost improvements.  Before virtualization, it was common for data centers to run many dedicated servers at minimal utilization rates.  Utilization rates were low because the hardware had to handle potential surges in usage that only occasionally occurred.  Enough capacity also had to be provisioned to account for projected growth.  After introducing virtualization, the hardware efficiently increased because customers could use Virtual Private Servers (VPSs) rather than a dedicated server.  Multiple VPSs could run on the hardware that previously was dedicated for a single purpose.  These VPSs provide the same reliability and security as a dedicated server.  Virtualization is not limited to data centers (server virtualization).  Virtualization has different forms, including desktop virtualization, in which multiple virtual desktop operating systems can run on a single machine.  Other types of virtualization include application virtualization, storage virtualization, and network virtualization.  

The Technical Specifications of Virtual Machines

System requirements for virtual machines (VMs) vary depending on the purpose, but the architecture of all virtual machines requires a hypervisor.  A hypervisor is software that creates and runs virtual machines (VMs) (Redhat, 2020).  The hypervisor software isolates the operating systems and resources for the VMs so that multiple operating systems can share the same physical computing resources (IBM, n.d.).  This software also provides management functionality for the VM and allocates the necessary system resources to each VM.  These system resources include memory, drivers, process schedulers, and other requirements that each VM needs to function.  There are two categories of hypervisors: Type 1 hypervisors and Type 2 hypervisors.  Type 1 hypervisors run directly on the physical hardware and do not require an operating system (OS).  Type 2 hypervisors, on the other hand, run as an application on an OS (IBM). 

Virtual machines contain all of the devices and capabilities that are in a physical system.  This includes storage, BIOS, memory, ports, processor, networking capabilities, etc.  The VM configuration for common configurations can be chosen from a menu of pre-configured options.  This allows for configuration and spin-up of the needed VM can using just a few clicks.  The user also can build the VM technical specification from scratch by choosing custom options or modifying the options of a pre-configured VM. 

Physical Data Center Cost Considerations

The capital expenditure required to purchase, implement, operate, and maintain a physical data center is significant.  The data center’s size depends on the organization’s requirements and could range from a small 500 square foot room to over 5000 square feet for a mid-sized organization.  Beyond size, the required uptime (availability) for the data center impacts the cost significantly.  This requirement affects the design, construction, and components required for the data center.  If the organization can withstand system outages, there would be cost savings based on the reduced uptime requirement.

In many cases, a high level of system availability is critical for the organization.  This criticality requires the implementation of redundancy in the form of Uninterruptible power supplies (UPS) and backup power (generators).  Network redundancy may also be necessary to ensure that the system does not suffer an outage in the case of a fiber cut or network failure.  High levels of network redundancy are achieved by constructing two distinct communications paths to the datacenter.  In the case of a network failure, the system can automatically switch to the redundant network path without significantly impacting the users.  The estimated cost expenditures required to construct a physical data center ranges from tens of millions to hundreds of millions of dollars, depending on the size and requirements.

Virtualization Cost Considerations

As stated, a significant advantage of virtualization is cost savings.  The most obvious cost savings is through the reduction of underutilized physical hardware components.  The cost savings from the decrease in the need for physical hardware is amplified by less need for climate-controlled space, redundancy capabilities, and power.  Simply put, reduction in hardware has significant cost savings implications in multiple areas. 

Virtualization technology enables the business model for cloud computing providers.  By definition, cloud computing is the on-demand delivery of IT resources over the Internet with pay-as-you-go pricing (AWS).  Cloud computing relies on providers rely on virtualization and enables organizations to purchase IT services as an operating expense than investing in the costs associated with a physical data center.  The cloud model shifts the capital expenditures from the user to the cloud provider.  This business model works because the cloud providers utilize virtualization to serve many separate customers with the same hardware.  This allows the cloud provider to realize economies of scale to justify the high costs of deploying physical data centers.

Adoption of Virtualization

Virtualization technology began to become widely adopted in the early 2000s (Red Hat, 2018).  Since then, the adoption of virtualization has steadily increased.  Virtualization adoption was rapidly changed with the development of the cloud.  In effect, the cloud was born when virtualization meets the Internet (IBM, 2017).  Amazon Web Services (AWS) launched the first public cloud in 2002.  Since 2012, the cloud has evolved and added many cloud hardware options, operating systems, and software options.  In the first quarter of 2021, AWS reported $13.5 billion in sales.  This was an annual revenue increase of 32%.  These statistics show that virtualization adoption (in the cloud computing sector) is exceptionally rapid.  Large enterprises and governmental organizations are adopting cloud technologies to replace aging data centers so that they can realize the cost savings and take advantage of the agility offered by virtualized cloud environments.  Smaller organizations such as single-office small businesses also adopt the cloud to avoid the capital expenditures required for on-premises equipment.

Beyond the cloud, desktop virtualization is also widely adopted.  Companies such as VMware and Oracle offer virtualization software that allows security researchers, software developers, and others to create VMs.  VMs are commonly used for testing new operating systems, investigating malware, running incompatible software, or for secure internet browsing (IBM Cloud Education, 2019)

References

A brief history of cloud computing BM Cloud Team, (2017, January 6).  https://www.ibm.com/cloud/blog/cloud-computing-history

Hypervisers. (n.d.). IBM. Retrieved October 34, 2021 from https://www.ibm.com/cloud/learn/hypervisors

Redhat (2018) What is virtualization? https://www.redhat.com/en/topics/virtualization/what-is-virtualization

Redhat (2020, January 10) What is a hypervisor? https://www.redhat.com/en/topics/virtualization/what-is-a-hypervisor

Ruest, N. & Ruest, D., (2009) Virtualization, a beginner’s guide. McGraw-Hill Education

1...132133134...149Page 133 of 149

CyberExperts is your cybersecurity news and education website. We provide you with the latest breaking news and videos in the cybersecurity industry.

Contact us: [email protected]

© Copyright - CyberExperts.com