How seven mesh routers deal with WPS

Credit to Author: Michael Horowitz| Date: Fri, 28 Apr 2017 11:20:00 -0700

The recent wave of new mesh router systems has brought with it changes besides the obvious increase in Wi-Fi range. For example, these mesh routers are more likely to insist on WPA2-AES encryption, as many have dropped support for the less secure WEP and WPA options. Not all of them, but many.

Here I take a look at another insecure router technology, WPS (Wi-Fi Protected Setup), and how these new mesh routers deal with it.

WPS is an alternate way of gaining access to a Wi-Fi network that does away with having to know the SSID (network name) and password. Much of what you read about WPS is incomplete, as it supports at least four different modes of operation.

An introduction to six types of VPN software

Credit to Author: Michael Horowitz| Date: Sat, 15 Apr 2017 15:44:00 -0700

A VPN is simply an encrypted connection between two computers, each side running VPN software. The two sides, however, are not equal.

The software that you, as the user of a VPN service, deal with is known as the VPN client. The software run by a VPN company is a VPN server. The encrypted connection always starts with a VPN client making a request to a VPN server.

There are many different flavors of VPN connections, each with its own corresponding client and server software. The most popular flavors are probably L2TP/IPsec, OpenVPN, IKEv2 and PPTP.

Some VPN providers support only one flavor; others are much more flexible. Astrill, for example, supports OpenWeb, OpenVPN, PPTP, L2TP, Cisco IPSec, IKEv2, SSTP, StealthVPN and RouterPro VPN. At the other extreme, OVPN, as their name implies, only supports OpenVPN.

What it takes to become an IT security engineer

Credit to Author: Stacy Collett| Date: Wed, 29 Mar 2017 03:56:00 -0700

When Scott Copeland got his associate degree in network administration back in 2004, the community college he attended didn’t offer IT security courses, “but it gave me the foundation to learn more about network security,” he says. His determination and thirst for learning led him to his current job as an IT security engineer at FedEx Services in Memphis, Tenn.

Cisco issues critical warning after CIA WikiLeaks dump bares IOS security weakness

Credit to Author: Michael Cooney| Date: Tue, 21 Mar 2017 08:50:00 -0700

A vulnerability in Cisco’s widely deployed IOS software that was disclosed in the recent WikiLeaks dump of CIA exploits has triggered the company to release a critical warning for its Catalyst networking customers.

The vulnerability — which could let an attacker cause a reload of an affected device or remotely execute code and take over a device — affects more than 300 models of Cisco Catalyst switches from the model 2350-48TD-S Switch to the Cisco SM-X Layer 2/3 EtherSwitch Service Module.

Fragmentation: the silent killer in security management

Credit to Author: Ryan Francis| Date: Mon, 20 Mar 2017 10:28:00 -0700

Cebit showcases security after Snowden

Credit to Author: Peter Sayer| Date: Sun, 19 Mar 2017 23:00:00 -0700

It’s been almost four years since Edward Snowden leaked U.S. National Security Agency documents revealing the extent of the organization’s surveillance of global internet traffic, but he’s still making the headlines in Germany.

At the Cebit trade show in Hannover, Germany, he’ll be looking back at that period in a live video interview from Moscow on Tuesday evening.

There have been a lot of changes on the internet in those four years, but one of the biggest is the growth in the use of encryption.

In 2013, the NSA had free rein and could listen in on almost any communication it wanted. Now, it’s commonplace to encrypt traffic to webmail services and even popular websites such as Microsoft.com or Google.com using the https protocol. And you don’t have to be an enemy of the state to use an end-to-end encrypted messaging system such as WhatsApp simply to chat with friends.

7 Wi-Fi vulnerabilities beyond weak passwords

Credit to Author: Eric Geier| Date: Wed, 22 Feb 2017 03:00:00 -0800

To keep private Wi-Fi networks secure, encryption is a must-have — and using strong passwords or passphrases is necessary to prevent the encryption from being cracked. But don’t stop there! Many other settings, features and situations can make your Wi-Fi network as insecure as, or even more insecure than, when you use a weak password. Make sure you’re not leaving your network vulnerable by doing any of the following.

IDG Contributor Network: Rapid7 demystifies penetration testing

In a surprisingly detailed 20+ page report titled “UNDER THE HOODIE: Actionable Research from Penetration Testing Engagements”, Rapid7 – provider of tools such as Metasploit and Nexpose – is sharing some very interesting insights into the choices being made by companies in their penetration testing and what the testers are uncovering. Released just moments ago, this research report provides details on:

  • how much organizations budget for pen testing engagements;
  • what information organizations are most interested in protecting, despite the recent uptick in online industrial espionage;
  • what percentage of sites are free of exploitable vulnerabilities;
  • the easiest ways for attackers to execute their attacks; and
  • how often pen tests successfully identify and exploit software vulnerabilities.

The statistics provided will likely help many companies refine or initiate their own penetration testing. The findings are based on 128 penetration tests that the company conducted in Q4 of 2016. They reveal many interesting details and some surprising details on testing choices such as:
