Web Threats Are Real – Be Proactive

This post is really designed for my family and friends. I write it because in the business that I am in I get to see and hear the detrimental impact web-based threats have on people. I hear horror stories of lost data, the amount of information they have lost and the impacts it has had on them and their businesses.

I by no means will cover all the things that you should do, but it will help better situate your online security posture.

Good security posture is about risk reduction…

Understand that when reading this there are many variables that have to be accounted for when talking about protecting yourself and not everything is under your control. The web is such that we have grown accustomed to what it offers us and now we have to learn to adapt.


Protecting Your Website – CloudFlare or Incapsula?

I get this question a lot whenever I talk with clients or give presentations, “How do I prevent my website from being hacked?”. Many actually confuse the service we offer at Sucuri as a preventive service. Good thing we don’t advertise preventive services.

That’s right, our service sits in the detection and remediation realm. By the nature of what we do there are preventive components that we implement, but our service has always been about detection, and more importantly remediating the mess. For any InfoSec professional working in the security domain you can understand this approach; you have long learned that prevention is ideal but detection is key and that’s based around the understanding that prevention, like detection, will never be a 100% solution.

That being said, I came across a recent report by Philip Tibom of Sweden titled Incapsula vs. CloudFlare (PDF Download). It was published October 15th, 2012 and in it he chronicles his experiences with both platforms over the last 6 months. If you’re not familiar with either then you’re really not that concerned with your security posture, and that’s ok of course but unfortunate nonetheless.

I would argue that CloudFlare is likely winning the popular vote, entering into the most partnerships and making the most noise, but Incapsula is perhaps the most effective based on the report. The two services are software as a service (SaaS) based solutions targeting the preventive side of the house; yes, these would be the first line of defense solutions so many folks are looking for.

They fall into the latest category of Web Application Firewalls (WAF) coming to the market designed to address the pandemic problem that is website attacks and web malware distribution. They are designed to slow down, if not completely prevent, the attacks from ever occurring; in essence doing away with your need for a detection / remediation service, right?

If that were only the case..

Accessing Your Server via SSH Keys

The past couple of weeks I have found myself dabbling in a number of system / network centric tasks. In the process I have been configuring a number of servers and thinking through a number of initial tasks that need to be taken. From time to time I find myself compelled to take a few minutes to summarize the steps not only to benefit readers but myself later on.

Here is a quick post that will show you how to enable access to your server via SSH keys in the place of passwords.

Securing Your Data On Dropbox Using TrueCrypt

The storage of your data on the cloud is becoming commonplace today and it's hard to think that it will change any time soon. I personally have been a big fan of cloud-based services since they first started to come on the scene a few years back. With it though come concerns around security, most notably the recent compromise at Dropbox.

If you’re not familiar, this is what The Dropbox Blog reported:

A stolen password was also used to access an employee Dropbox account containing a project document with user email addresses. We believe this improper access is what led to the spam. We’re sorry about this, and have put additional controls in place to help make sure it doesn’t happen again.

While this raises questions as to why a Dropbox employee had a list with user emails, it's nonetheless something we have to deal with. Here is an instance where the vulnerability was the end-user. In fact, if you look at some of the more recent compromises at security firms and big enterprises, oftentimes the point of entry is through email credentials, but that’s not the point here.

Recent Security Related Posts

Sometimes I wonder why I did this to myself, start a new blog that has to be maintained, but don’t worry I will maintain it, I hope.

That being said, the past few weeks have been busy. While I have posted here, there have been a number of things going on. The most notable, notable in the sense of popularity, was Yahoo’s security breach. We, Sucuri, wrote more about it here: http://blog.sucuri.net/2012/07/analysis-of-yahoo-voice-password-leak-453441-passwords-exposed.html. We even put out a nice little tool that allows you to check your email to see if it was compromised.