
Exclusive Interview With Bob Baxley, CTO Of Bastille Networks

Here’s an exclusive interview with Bob Baxley, CTO of Bastille Networks – a leader in enterprise threat detection through software-defined radio.

When facilities say “no devices allowed,” that’s not necessarily true.

The problem: most of these devices have radio frequency (RF) communication interfaces that make them vulnerable to RF attacks.

As such, enterprises must implement and enforce more nuanced electronic device policies to accurately distinguish between approved and unapproved electronic devices in secure areas and detect and locate unauthorized cellular, Bluetooth, BLE, Wi-Fi, and IoT devices.

Bastille offers unparalleled situational awareness with cellular and RF-based threat detection, location, and alerts to help prevent RF attacks.

Bastille’s ongoing partnership with the Department of Homeland Security underscores their dedication to protecting nations and securing enterprises.


So, in this interview, we spoke with Bob Baxley to learn more about their security solutions and how enterprises can protect their devices from cybersecurity threats.

Here are Bob Baxley’s responses to our questions:

1. Question: Tell me more about Bastille Networks

Bob Baxley: Bastille is the leader in enterprise threat detection through software-defined radio. Bastille provides full visibility into the known and unknown mobile, wireless, and Internet of Things devices inside an enterprise’s corporate airspace–the Internet of Radios. Through its patented software-defined radio and machine learning technology, Bastille senses, identifies, and localizes threats, providing security teams the ability to accurately quantify risk and mitigate airborne threats that could threaten network infrastructure.


2. Question: What’s unique and different about Bastille than other solutions/companies?

Bob Baxley: Until Bastille, there was no way to apply network security mechanisms and countermeasures to RF-enabled IoT devices. IT security professionals couldn’t buy a security service like Bastille Enterprise until we invented it.

3. Question: Can you dive into radio frequency security and why it’s essential for enterprises?

Bob Baxley: Corporate airspaces are under attack from invisible threats operating on Radio Frequencies (RF). Enterprises often crucially rely on wireless protocols they don’t even know they’re using (Bluetooth, Wi-Fi, BLE, Zigbee, Z-Wave, etc.).

These protocols are used to build controls and access for employee communications, IT, and employees. The exploitation of vulnerable wireless devices is growing increasingly common.

Sophisticated attacks use compromised RF devices as entry points into government and corporate networks. Foreign governments, competitors, and cybercriminals are conducting radio-based attacks on enterprises to access intellectual property and sensitive information.


4. Question: Can you discuss why enterprises must implement and enforce more nuanced electronic device policies to accurately distinguish between approved and unapproved electronic devices in secure areas?

Bob Baxley: RF-enabled devices are everywhere: According to Statistica, there are 4.7 billion Cellular phones, 8.4 billion Bluetooth devices, and 9 billion Wi-Fi devices; added to this is the increasing use of “wearables” such as FitBits and other personal devices with embedded radios, with a variety of audio/video capture, pairing and transmission capabilities.

Current policies are outdated: While some government and commercial buildings have secure areas where no cell phones or other RF-emitting devices are allowed, detecting and locating radio-enabled devices is primarily based on the honor system or one-time scans for devices. Bad actors do not follow the honor system; one-time scans are just that, one time, and cannot be monitored 24×7. 

New solutions for a new age: Bastille enables security teams to differentiate between approved and unapproved devices, accurately places dots on a floor-plan map for device location, and sends alerts when a device is found where it should not be or doing what it should not do. Bastille Networks also integrates with existing security systems such as Splunk, MDM, and camera systems.


5. Question: What cybersecurity measures would you recommend for enterprises and why?

Bob Baxley: 

  • Take Control of Your Airspace: Obtain visibility into devices that use the big four protocols: cellular, Wi-Fi, Bluetooth, and BLE. Locating every radio emitter provides situational awareness of devices in an enterprise’s network.

  • Evaluate RF Technology: Assessing RF security solutions is vital in preserving company secrets. As security teams examine RF products in the market, a checklist of capabilities should include solutions that can detect, analyze, alert, and accurately locate cellular devices that incorporate airspaces in real-time.
  • Deploy RF Solutions: Proactively equipping an organization with RF security technology will future-proof an enterprise from an RF breach. Adopting RF solutions that constantly monitor and detect the transmissions of devices in the wireless spectrum will combat nefarious attacks.

6. Question: Can you shed more light on Bastille Express?

Bob Baxley: Earlier this year, Bastille launched Bastille Express, the commercial version of the government spec Bastille FlyAway Kit, for forward-deployed locations.

Bastille Express can detect and locate authorized and unauthorized Cellular, Bluetooth, BLE, and Wi-Fi devices operating within 3,000 to 5,000 square feet, such as conference meeting rooms, remote offices, hotel areas, or speaking locations. 


Note: This was initially published in July 2020, but has been updated for freshness and accuracy.



Exclusive Interview With Hugh Taylor, Author Of Digital Downfall

In this digital age, cybersecurity is of utmost importance. In his recent book, Digital Downfall: Technology, Cyberattacks, and the End of the American Republic, Hugh Taylor addresses America’s vulnerability to cyberattacks, especially from foreign sources.

In this exclusive interview, we spoke with the author, who shared more insights about the book and his findings.


Hugh Taylor is a renowned author and Executive Editor of The Journal of Cyber Policy, a cybersecurity industry blog.

He is a Certified Information Security Manager (CISM) and is well-experienced in cyber-related matters, having been in the field for over 20 years.

Other books by the author include The Joy of SOX (Wiley), about IT and the Sarbanes-Oxley Act, and Event-Driven Architecture (Prentice-Hall).

Here are Hugh Taylor’s responses to our questions:

1. Question: Your book talks about the high reliance on computers in the US government and private industries. What alternative would you recommend?

Hugh Taylor: Good question. There is no turning back at this point. The issue is where and how to rely on computing, and how the technology can be made more secure. The government and industry need computers. In the military, it may be possible, and indeed might be advisable, to create more analog workarounds if computers fail. I think it would be smart for companies and government agencies to look critically at where their dependence on computing puts them at risk and adjust their strategies accordingly.

For example, is keeping all sorts of data about customers and citizens in databases necessary for the organization’s mission? Maybe not. Maybe it’s possible to operate without building a repository of data that can cause harm to the public if it’s breached—which it will be at some point. Or, are there places in the infrastructure where a non-programmable, hardware-based appliance (vs. a “Turing machine”) might be a more secure option? And so forth.


2. Question: Russia and China are engaging the US in digital warfare. Which party is winning, and why?

Hugh Taylor: It’s really hard to tell, for certain. It seems that Russia and China are running wild in the US. Russia appears to be able to influence American politics and government policy using social media distortions and cyber techniques. China has stolen a great deal of American economic trade secrets and grabbed massive amounts of secret military data.

People who know about these things have told me that the US is also hitting back very hard in those countries… but they have state-controlled media, so we don’t know about it. And, maybe it doesn’t matter. An America that foreign adversaries can disrupt is at risk of serious trouble. Whether we’re “doing it back to them” doesn’t mean much if our own system is collapsing due to their interference. After all, the US is more vulnerable to digital disruption than Russia or China.

3. Question: You discussed Russia’s desire to pit racial groups in the US against one another. How credible are your arguments?

Hugh Taylor: I believe my arguments are credible to the extent that anyone can ever accurately attribute a cyber attack to a particular nation. American law enforcement officials, experts, and others have testified to the US Congress that Russia is using cyber techniques and disinformation to provoke racial violence in the US.

In the 2016 campaign, we saw several examples of this, including a street-level confrontation in Texas between Christian and Muslim groups—that was instigated by Russian operatives on social media. We saw Russian attempts to build fake Black community advocacy groups on Facebook in 2016. I believe we are seeing comparable, but more sophisticated efforts at work today with Black Lives Matter and its counter-protests, along with pro- and anti- Antifa demonstrations.

Just this last week, we saw a social media hoax that made hundreds of “militia” people appear in Gettysburg to prevent an “Antifa flag burning.” It’s only a matter of time until people start getting killed due to these online tricks. I strongly suspect this was a Russian operation, but I cannot prove it.

I believe Russian operatives are driving or amplifying some already tense situations. It’s not new. The techniques date back to the Soviet era when they were called “Active Measures.” The long-held and publicly disclosed Soviet strategy was to cause internal divisions within Western societies to weaken them. The underlying trouble remains the same, however: The fact that the US cannot tell for sure who is attacking them is a major national security problem.


4. Question: Do you believe the COVID-19 pandemic is making it easier for attackers or otherwise?

Hugh Taylor: Yes, the pandemic provides more opportunities for social engineering and access control problems. With so many people working remotely, often on insecure devices, hackers can find more opportunities to penetrate networks.

5. Question: You’ve written other books in the past, but none has discussed America’s digital insecurities; what drew your attention to this topic?

Hugh Taylor: I have written books about standards-based software architecture and compliance. Over the years, this work, along with my other work on behalf of companies in the security space, has led me to see a pattern of insecurity. I felt motivated to research the issue more deeply and write “Digital Downfall.”

6. Question: What impact do you expect the book to create?

Hugh Taylor: This is one of many books addressing the overall issue of American cyber weakness. I hope that the book can help drive dialogues around improving the security of the underlying technology that powers so much of American life. I believe that current risks will only be mitigated if we can address the root causes of the problem.  


If you are interested in the book “Digital Downfall” by Hugh Taylor, you can get it on Amazon.

Note: This was initially published in July 2020, but has been updated for freshness and accuracy.



10 Hand Gesture Emojis You Might Find Useful And Their Interpretations

Here are 10 hand gesture emojis and their interpretation.

Hand gestures are another way of communicating. People who cannot speak use sign language to convey their messages without having to say the words aloud.

However, hand gestures are not limited to people who cannot speak; ordinary people who wish to communicate simply use them too. Hand gestures can be helpful in our daily lives. Here are the most common hand gesture emojis and their interpretations:

10 Hand Gesture Emojis

1. Ok Hand Emoji

When you say “okay” or “ok,” it usually means that you approve of something or have accepted what has happened or is bound to happen. The ok hand emoji can also be used to say that you are already satisfied or feel pleased and content.

This emoji is portrayed as a hand gesture in which the index finger meets the thumb, forming a circle. In some places or countries, this sign can come across negatively, since it is considered insulting or equivalent to calling someone an asshole, so you will have to be careful when using this emoji.

2. Raised Fist Emoji

This fist emoji is commonly used to convey a message with power. Politicians and organizations frequently use this hand gesture. It means they will fight or stand for what they believe is right and beneficial. It recently became a symbol of BLM, or “Black Lives Matter.”

3. Oncoming Fist Emoji

Another fist emoji is the oncoming fist emoji. Just as people greet each other with a high-five, some use their fists instead. Men, and even women, commonly use it with someone they consider their “bro.” This gesture emoji is another way to say that you agree with each other.

4. Raised Back of Hand Emoji

Imagine someone in the class who would like to ask their teacher a question. You can see that they raise their palms in the air and have their palms facing the teacher or the person they want to ask. It is also another way to participate in a question. 

For example, a teacher asks who made the assignment, and you raise your hand since you have done it. In other words, this raised back-of-hand emoji is a way to signal a salutation.

5. Thumbs Up Emoji

While the ok hand emoji symbolizes “agreement” or “acceptance,” this emoji has a similar interpretation. It has no known negative connotation and signals agreement with something excellent or favourable.

6. Thumbs Down Emoji

Aside from the thumbs-up emoji, there is a different emoji for this: the thumbs-down emoji. It is a way to disagree or disapprove of something you do not support. This emoji has no definite meaning, but disliking something does not necessarily imply that it is a negative approach. It all depends on how you use it.

7. Backhand Index Pointing Left Emoji

Directions can be done without having to say them in words. You may use hand gestures to signal the direction you want to point to. This emoji can also be done virtually using emoticons, or emojis. When you want to look to the west or left, the appropriate emoji for this is the backhand index pointing to the left emoji.

8. Crossed Fingers Emoji

This crossed fingers emoji is commonly used to express wishing for good luck about something, or perhaps you want something great to occur that is favourable to you. This emoji also has religious meanings. 

Christians use this emoji to say that they ask God for their protection against everything evil and harmful. This emoji is also used to express a white lie or promise something you don’t intend to do.

9. Raised Hands Emoji

This raised hands emoji is one of the emojis that has many distinct meanings, but mostly positive ones. This emoji is portrayed as two palms raised together in the air. It can signify a victory or a “hooray.” This emoji can also signal that they are trying to imply that they want to “double high-five” with someone.

Like the previous hand gesture emoji, this emoji also has religious meanings and is commonly used by believers. It can mean they are worshipping their God or Heavenly Father.

10. Victory Hand Emoji

One of the most famous hand gesture emojis, which almost everyone uses, is the victory hand emoji. This emoji can also be called the “peace sign.” It has various meanings, both positive and negative. It may just be a peace sign to us, but it is not considered very respectful in British culture.

Be careful when using hand gesture emojis

Most emojis are mistakenly thought to have only positive meanings behind them, but in reality, there are more ways to use them and many connotations or interpretations behind them.

We must be careful when using them, even if they are only digital emoticons.

Note: This was initially published in August 2020, but has been updated for freshness and accuracy.



10 Symbol Emojis And The Different Meanings Behind Them

Here are 10 symbol emojis and the different meanings behind them.

Emojis are not just about smileys, animals, plants, and objects, but also flags, shapes, and even symbols! As observed, people do not use the symbol emojis that much because they can seem unnecessary and can be typed out instead.

Nevertheless, the symbol emojis can still serve a purpose. If you wish to know more about specific symbols like checkmarks, question marks, etc., scroll down to our listed symbol emojis!

10 Symbol Emojis And The Different Meanings Behind Them

1. Heavy Check Mark

This check mark emoji is portrayed as a black-colored check, also called the “heavy check mark.” It is sometimes confused with the “white heavy check mark,” but this one has a different color. A checkmark has many meanings, but it is primarily positive.

One meaning of a checkmark is that it could mean that you have accomplished or completed your to-do task or your work assignment. It could mean that it is a “job well done.” There is no known negative connotation for a checkmark.

2. White Heavy Check Mark

Just like the previously mentioned emoji, this heavy white checkmark also has the same meaning behind it.

This emoji is portrayed as a green box with a white checkmark in the middle of it. This emoji is sometimes called the “greenlit.”

3. Ballot Box With Check Emoji

Another check mark emoji is this ballot box with a check emoji. This emoji can have the same meaning behind it, but this one has a specific use.

It is usually used to tick off a portion of a list as “done” or “selected.” This symbol is generally found in a ballot box where you are voting for a political organization candidate.

4. Cross Mark Emoji

This cross mark emoji can be opposite to the previously mentioned emojis, but you may use it for the same purpose. It may have a positive or negative connotation behind it. This emoji is sometimes confused with the cross-mark button emoji.

Cross mark emoji is portrayed as a red X and has no other feature. This mark can also be used to tick off a task that has already been completed or may symbolize that the portion of the list is unacceptable or wrong. It can mean approval, but it is mainly used for disapproval.

5. Cross Mark Button Emoji

Similar to the previously mentioned symbol emoji, this cross mark button emoji can have the same meaning since it uses the same “cross mark.”

This emoji can tick off or symbolize an actual “X” or cross-marked button.

6. Exclamation Mark Emoji

This exclamation mark symbol emoji is portrayed as an exclamation mark that is colored red and is bolded. It is commonly used to get someone else’s attention or say that they are saying something important or something you should hear. 

It can be used to highlight or emphasize a specific message or a portion of a text. This emoji has many uses and does not necessarily have a positive or negative meaning.

7. Double Exclamation Mark Emoji

Just like the previous emoji, the double exclamation mark emoji has the same features, but this one has two of the marks.

It can mean the same thing, but it could signal that something needs a little more attention than a single exclamation mark would. This emoji can be unnecessary since it is sometimes used for a harmful purpose.


8. Question Mark Emoji

This question mark emoji has the same color and features as the exclamation mark emoji, but in the shape of a question mark.

This emoji is mainly used to ask questions or to say that you are confused about something. It is confused with the other question mark emoji, the “white question mark emoji.”

Be careful when using this emoji because it can have a negative meaning or interpretation. It can be an infamous symbol that you can use to say that you are baffled about something and in disbelief.

9. White Question Mark Emoji

Although this emoji looks the same as the previously mentioned emoji, it can have a little difference from the previous one.

As mentioned in the last emoji, it can be a negative emoji, but this white question mark emoji can be different. It can have a lighter tone since it is white-colored, and it cannot be misinterpreted that much.

10. Exclamation Question Mark Emoji

This symbol emoji combines both the exclamation and the question mark, which is also bolded and red. This emoji does not necessarily mean anything, but it is commonly known as rude since it looks very impatient about something.

Takeaway

Even though symbol emojis are not used as much as the smiley and animal emojis, this category of the emoji collection is still helpful to some, especially for making banners or creating lists, whether academic, work-related, or just personal.

Note: This was initially published in August 2020, but has been updated for freshness and accuracy.



Popular Emojis Used For Expressing True Feelings

Here are popular emojis used for expressing true feelings.

When communicating with people, you often cannot reveal or express what you genuinely feel by using plain words.

Behavioral reactions or emotions that people express can be complicated for some, and merely sending emojis can help you. Emojis come in handy in showing your true self and personality since it is crucial whenever you communicate with someone.

Emotions are things that you are not in control of. The facial expression is based on what you are currently feeling. Now, developers have made sure that emojis that depict or show the exact facial expressions of people in various situations are there for people to use. These emojis are helpful when people do not want to explain their feelings through text messages.

Emojis have been a thing in modern times since they released these emoticons. People are fascinated and happy with what they can use, especially when they want to express their feelings towards a person, object, scenario, or real-life situation. This article will help you understand the meaning behind each of them and why they are trendy.

Popular Emojis Used For Expressing True Feelings

1. The Drooling Emoji

If you love eating, or eating a lot of food, and feel like your saliva is dripping because of hunger and cravings, this drooling emoji would best fit your current feeling. Sending this emoji to your friends whenever you are out for food or craving something will make them envious of what you are eating. A lot of people use it, be it young people or adults.

If you want to hang out with your friends and grab food or dine at a restaurant or fast-food chain, sending them this drooling face will let them know that you are hungry and craving something delicious. Whenever you feel like eating something or seeing food posts online, you can react or comment on a post with a drooling face to indicate you love it.

Expressing hunger and cravings has never been made more accessible. A lot of people think that the drooling face is for food only. People are unaware that you can use this emoji whenever you feel delighted.

You can use this drooling emoji for your reactions whenever you like or love something, whether it is a house, a dress, a person, a car, etc. Using this drooling emoji will show how badly you want to acquire things that catch your attention.

2. The Smiling Emoji With Hearts Or The Smiling In Love Emoji


Today, a newly developed smiley face surrounded by hearts is popular among people posting statuses or sending messages. This emoji was loved by many since it is very relatable and easy to comprehend. Many people have been using this type of emoji, but what is the meaning behind it?

This emoji is described by many as the “smiling in love” emoji or the “smiling emoji with hearts.” Many people use this emoji in situations where they comfortably show their love, care, and real feelings towards a person or a life event. You can also use it to describe your love for animals, things, events, and other things in real life. 


This emoji can also mean you have butterflies in your stomach whenever you get complimented. It is designed with floating red hearts surrounding a smiley, blushing face. You can use this emoji to imply deep love and affection whenever you feel romantically attached to someone.

3. The Pinched Fingers Emoji

Emphasizing a statement has never been easier because these pinched finger emojis can let others know you are explaining a serious matter. If you are proving a point in any situation or argument, you can send them this emoji to let them know you are stressing what they find hard to understand.  

This pinched finger emoji is a hand gesture commonly used by people when they find the need to stress things. People often use this whenever they ask questions in a moody tone. They can make this hand gesture or send a pinched finger emoji if they are curious. This emoji also shows a low level of patience for someone.

4. The Baby Angel Emoji


Cute emojis are made to express your feelings playfully, but this baby angel emoji has more meaning. With a stunning golden halo on top of its head and open wings, this emoji can depict a person’s true personality. This Baby Angel Emoji can correlate to a person’s characteristics, feelings, vibes, or attitude.

The feeling of innocence and pureness can be hard to express, but with this baby angel emoji, people will know you are kind, loving, forgiving, and understanding. Giving off a good vibe is what this baby angel emoji brings.

5. The Famous Red Heart Emoji

We all know that hearts automatically mean love for a person or thing. Among all the colors created for heart emojis, the solid red heart never goes out of style since it is the primary heart color many people are fond of using.

Saying I Love You can be expressed or shown by merely sending a heart emoji to people. This emoji will uplift the mood of your friend, lover, family, or best friend. This emoji helps you convey your sincere feelings towards your loved ones without using words.

This heart emoji is popular on Valentine’s Day, but you can still use it on simple occasions like anniversaries, birthdays, graduation, and other important life events that you find essential. You can never go wrong whenever you use hearts on people you love the most. 

Use Emojis To Make Your Messages More Interesting

This article showed five emojis that people use to express their feelings. It is a simple way of letting others know your personality, real emotions, reactions, and more.

Remember that before using any emojis, you should be aware of their meanings since not all depict only one meaning. Some of the emojis have several meanings bound to them.

Note: This was initially published in August 2020, but has been updated for freshness and accuracy.



Identity And Access Management Takes Up A Month Every IT Year

Do you know that IT takes a month each year to manage identity and access? 1Password research finds that 20% of workers don’t follow company security policies all the time, enabled by IT departments who empathize with the pursuit of productivity.

A half-month-long survey carried out by AgileBits Inc. (1Password) has revealed that in every IT year, identity and access management takes up one month. This was shown to be because not all workers follow company security policies.

The research, which was conducted from April 15 to April 23, 2020, was carried out via an e-survey developed by Method Research and distributed by Dynata. It involved up to 1,000 desk-job employees, all employed in the United States.

Out of the 1,000 employees, about 500 were staff in the IT department of their respective companies. The remaining were from all the other departments. In addition, all the interviewed employees were well over 18 years old and were from different areas in the US. 


According to the survey results, IT staff task themselves with identity and access management duties like tracking app usage and resetting passwords. This goes on for about 21 days, about 9 days shy of a full month.

Going into more detail, the survey showed that 15% of IT staff engage in employee password resetting a minimum of 21 times every week. About 57% of IT staff engage in the same for up to 5 times every week. 

The survey also covered shadow IT behavior in the current remote-working situation and how well enterprise password managers (EPMs) deliver convenience, productivity, and security.

In all of this, the IT employees revealed a significant problem: the lack of reliable technology resources. Also, not all IT workers follow company security policies, a behavior tied to concern for employee effectiveness.

4% of IT staff do not enforce company security policies at all because of the inconvenience of managing them and concern for the productivity of the company’s workforce. About 25% enforce the policies but not universally, only in specific departments.

For 38% of the interviewed workers, their companies do not engage in robust security policies, so the enforcement process is not very strict.


Password managers like 1Password continue to make tasks easier for the IT department, and 89% of IT employees confirm this. 57% attest to password managers helping them save time and frustration, while 37% confirm it helps improve productivity. 

They also help create happier employees, according to 26% of the staff, and another 26% attest to it helping prevent cyberattacks.


Identity and Access Management (IAM): A Month Out of Your IT Year – FAQs

What is the identity and access management cycle?

The identity and access management (IAM) cycle refers to the ongoing process of managing user identities and their access privileges within a system or network. It’s a continuous loop that ensures the right people have access to the right resources at the right time.

What is the identity and access management process?

The IAM process typically involves several key stages:

  1. Provisioning: Creating new user accounts and assigning them initial access levels based on their role.
  2. Access Management: Granting or denying specific permissions to access resources (applications, data, systems) based on user roles and responsibilities.
  3. Governance & Compliance: Defining policies and procedures for user access and adhering to relevant security regulations.
  4. Monitoring & Auditing: Tracking user activity and access attempts to identify anomalies or suspicious behavior.
  5. Review & Re-certification: Regularly reviewing user access privileges and adjusting them based on role changes, promotions, or terminations.
  6. Deactivation/deprovisioning: Revoking access and potentially deleting user accounts when employment ends or access is no longer required.
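The review and deprovisioning stages can be automated as a periodic reconciliation between the HR roster and the accounts that actually exist. The sketch below is an added example, not code from the article; the roster, role baseline, account records and the 90-day staleness threshold are all constructed assumptions.

```python
from datetime import date

# Constructed sample data for illustration only.
HR_ROSTER = {
    "alice": {"status": "active", "role": "engineer"},
    "bob": {"status": "terminated", "role": "engineer"},
    "carol": {"status": "active", "role": "finance"},
    "erin": {"status": "terminated", "role": "finance"},
}

# Hypothetical role baseline: what provisioning grants each role.
ROLE_BASELINE = {
    "engineer": {"git", "ci", "vpn"},
    "finance": {"erp", "vpn"},
}


def acct(user, enabled, entitlements, last_login):
    """Build one directory-export record."""
    return {"user": user, "enabled": enabled,
            "entitlements": set(entitlements), "last_login": last_login}


ACCOUNTS = [
    acct("alice", True, {"git", "ci", "vpn"}, date(2024, 5, 28)),
    acct("bob", True, {"git", "vpn"}, date(2024, 3, 2)),         # left, still enabled
    acct("carol", True, {"erp", "vpn", "git"}, date(2024, 1, 10)),
    acct("erin", False, {"erp"}, date(2023, 11, 5)),             # left, already disabled
    acct("svc-backup", True, {"vpn"}, date(2024, 5, 30)),        # no HR record
]

REVIEW_DATE = date(2024, 6, 1)  # fixed so the result is reproducible


def review_access(accounts, roster, baseline, today, stale_days=90):
    """Return (user, finding, detail) tuples for enabled accounts."""
    findings = []
    for a in accounts:
        if not a["enabled"]:
            continue  # already deprovisioned
        person = roster.get(a["user"])
        if person is None:
            findings.append((a["user"], "orphaned", "no HR record; assign an owner or disable"))
            continue
        if person["status"] != "active":
            findings.append((a["user"], "deprovision", "employment ended, account still enabled"))
            continue
        # Re-certification: anything beyond the role baseline needs sign-off.
        extra = a["entitlements"] - baseline.get(person["role"], set())
        if extra:
            findings.append((a["user"], "excess", ",".join(sorted(extra))))
        idle = (today - a["last_login"]).days
        if idle > stale_days:
            findings.append((a["user"], "stale", f"{idle} days since last login"))
    return findings


if __name__ == "__main__":
    for finding in review_access(ACCOUNTS, HR_ROSTER, ROLE_BASELINE, REVIEW_DATE):
        print(*finding, sep=" | ")
```

Accounts with no HR record, such as service accounts, are reported separately because nothing in the joiner/leaver process will ever trigger their removal.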

What is the identity and access management standard?

There isn’t a single, universally mandated IAM standard. However, several industry best practices and frameworks guide IAM implementation. Frameworks such as those from NIST (National Institute of Standards and Technology) provide guidelines for secure identity and access management.

What are the stages of identity and access management?

The stages mentioned previously (provisioning, access management, governance, monitoring, review, deactivation) represent the core stages of the IAM lifecycle. While the specific names or order might vary slightly depending on the chosen framework, these stages ensure a comprehensive approach to user identity and access throughout their time within the system.

An important takeaway is that IAM is not a one-time setup. It’s a continuous cycle that requires ongoing monitoring, review, and adjustments. While a month of focused effort might go into initial setup or policy refinement, maintaining a secure IAM system is an essential part of any IT department’s ongoing responsibilities.

Note: This was initially published in August 2020, but has been updated for freshness and accuracy.



Twitter Hack: Major Celebrities accounts used for Bitcoin Scam

The social media landscape witnessed a shocking event on July 15th, 2020. Twitter, a platform boasting over 330 million monthly users at the time, was struck by a cyberattack that compromised the accounts of prominent celebrities and corporations.

This wasn’t a random targeting of a few profiles; verified accounts with millions of followers, including those belonging to Elon Musk, Apple, Joe Biden, Jeff Bezos, and even former presidents like Barack Obama, were hijacked.

2020 Twitter Hack: A Daring Bitcoin Scam

The motive behind the hack was a brazen Bitcoin scam. Hackers gained control of these high-profile accounts and tweeted messages promising to double any Bitcoin sent to specific wallet addresses.

The tweets, often crafted to appear legitimate, enticed unsuspecting users. A common tactic involved requesting $1,000 in Bitcoin with the promise of receiving $2,000 in return.

The allure of doubling their money proved irresistible to some, leading to a reported loss of over $100,000 in stolen Bitcoin.

A Sophisticated Breach Exposes Security Gaps

The scale and sophistication of the attack were unprecedented. Investigators concluded it wasn’t a random attempt but a meticulously planned operation.

Hackers breached Twitter’s internal systems, bypassing security measures to gain control of these highly coveted accounts. The ease with which they navigated Twitter’s defenses pointed towards potential vulnerabilities within the platform itself.

Twitter Reacts and Locks Down Accounts

Hours after the initial breach, Twitter acknowledged the situation through its official support channel.

While details remained scarce, they advised users to reset their passwords and implement additional security measures. Notably, some verified accounts were temporarily restricted from tweeting, presumably to prevent further exploitation.

Social Media’s Vulnerability to High-Profile Scams

The incident highlighted the susceptibility of social media platforms to cyberattacks, particularly those targeting high-profile accounts. Bitcoin scams, although not new on Twitter, were amplified by the sheer number of compromised accounts involved.

Leveraging the trust associated with verified profiles, the hackers effectively bypassed the skepticism users might usually hold towards such financial offers.


Tracing the Hackers: A Challenge in the Blockchain Age

Unfortunately, the decentralized nature of Bitcoin transactions made tracing the perpetrators a significant challenge.

Publicly available wallet addresses offered little in identifying the hackers, as the blockchain technology behind Bitcoin prioritizes anonymity.

Unconfirmed Rumors and Questions of an Insider Job

Amidst the chaos, unconfirmed reports on Twitter emerged, pointing the finger at a former Twitter developer, Samuel Hyde (@inteldotwav). However, Twitter never officially addressed this claim, leaving the true identity of the hackers shrouded in mystery.

The possibility of an “inside job” raised crucial questions about Twitter’s internal security protocols. If the breach originated from within the company, it indicated a significant vulnerability in access control and employee vetting procedures.

Individual Responsibility: Securing Your Accounts

However, focusing solely on the attacker diminishes the importance of individual account security. Regardless of the hack’s origin, Twitter users have a responsibility to safeguard their accounts.

Fortunately, Twitter offers robust security features like two-factor authentication (2FA), which adds an extra layer of protection during login attempts. Implementing 2FA significantly strengthens your account’s resilience against unauthorized access.


Beyond 2FA: The Importance of Strong Passwords

Beyond 2FA, the importance of strong passwords cannot be overstated. Complex passwords incorporating a mix of uppercase and lowercase letters, numbers, and symbols are significantly harder to crack than simple, predictable phrases. Regularly changing your password further enhances security.

2020 Twitter Hack: Frequently Asked Questions

How did Twitter get hacked?

The attackers used social engineering, a tactic where they manipulated people into giving away information. They likely targeted Twitter employees with phishing emails or phone calls, tricking them into revealing login credentials or access to internal systems. This gave the hackers a foothold within Twitter, allowing them to hijack high-profile accounts.


What was the Twitter phishing case in July 2020?

The July 2020 Twitter hack involved a social engineering attack that compromised numerous verified accounts. Hackers gained access and used them to promote a Bitcoin scam, defrauding unsuspecting users.

When was Twitter last hacked?

There have been other hacking incidents on Twitter besides the July 2020 event. However, it’s important to note that successful large-scale hacks like this one are uncommon.

How many accounts were hacked on Twitter?

Twitter has not disclosed the exact number of hacked accounts in July 2020. However, reports suggest it involved over 130 accounts, including many high-profile verified users.

How do your accounts get hacked?

There are various ways your accounts can be hacked. Phishing emails and fake websites are common methods. Here are some tips to protect yourself:

  • Be cautious of suspicious emails and links. Don’t click on links or attachments from unknown senders.
  • Use strong, unique passwords for each account. Consider a password manager to help you create and manage complex passwords.
  • Enable two-factor authentication (2FA) on all your accounts whenever possible. This adds an extra layer of security during login attempts.
  • Beware of social media scams. If an offer seems too good to be true, it probably is. Don’t send money or personal information based on unsolicited messages.

A Lasting Impact: Lessons Learned

The 2020 Twitter hack served as a stark reminder of the ever-evolving cyber threat landscape. It exposed vulnerabilities within the platform and highlighted the importance of user vigilance.

By implementing robust security measures like 2FA and strong passwords, users can take control of their online safety. Social media platforms are also responsible for continually strengthening their defenses and prioritizing user account security.

This Twitter hack incident serves as a cautionary tale, urging users and platforms to remain vigilant and proactive in the face of evolving cyber threats. The digital landscape is constantly changing, and both individual and collective efforts are crucial to maintaining a secure online environment.

Note: This was initially published in July 2020, but has been updated for freshness and accuracy.



4 Common VPN Encryption Protocols Explained

In this post, we will discuss the VPN encryption protocols.

VPN services have found widespread use among individuals and corporate organizations, especially for their data encryption abilities. Different VPN services use different encryption protocols to encrypt users’ data traffic. 

Here, I will unravel the encryption protocols VPN service providers use and how they encrypt data.

VPN Encryption Protocols Explained

When you connect to a VPN server, a virtual tunnel is automatically created between your device and that server (network).

Data transmitted through this tunnel is encrypted (encoded) using a VPN protocol chosen by the VPN service provider.

The encryption protocol scrambles your data traffic into unreadable formats while transmitting it to and from your device to prevent data hijacking.


Is VPN Encryption Secure?


Most VPN protocols use symmetric-key encryption, which means the user’s computer and the server share a common key for encrypting and decrypting data traffic from the user’s device.

The encryption protocol’s strength and complexity depend on the length of the encryption key. Most VPNs use AES with 128-bit or 256-bit encryption keys.

To put this in perspective: computers use only zeros and ones to carry out tasks, so a 128-bit encryption key consists of 128 zeros and ones in a specific combination (the key), and an attacker would have to search 6.2 × 10^57 possible combinations of zeros and ones to guess the right key.

The above implies that it will take approximately one quintillion (a billion x billion) years for the most powerful computer in the world with a speed of 93.02 petaflops to guess the right key combination for decrypting 128-bit encrypted data!

You guessed right; hackers don’t have such resources, and they wouldn’t be around that long, considering the impossible amount of time it would take to achieve such a feat. This gives you an idea of how secure VPN encryption is.

Choosing the right VPN encryption protocol involves understanding your priorities and the strengths and weaknesses of each option. Consulting with a reputable VPN provider can help you select the best protocol for your needs.

Common Types Of VPN Protocols


VPN protocols refer to instructions and processes that create a secure connection between a user’s device and the VPN server. They determine how the user’s data is routed through a connection. 

Based on the user’s needs, some VPN protocols emphasize security at the expense of speed. However, a suitable VPN protocol should be optimized for speed and security. 

1. OpenVPN

The OpenVPN protocol uses a combination of SSL (Secure Sockets Layer) and TLS (Transport Layer Security) encryption to establish a secure connection tunnel between the user’s device and the VPN server.

A VPN encryption protocol comprises two components: the data channel and the control channel encryption. 

  • The data channel: The data channel uses an encryption algorithm (cipher) to scramble data traffic from the user’s device.
  • The control channel: The control channel uses Transport Layer Security (TLS) to establish a secure connection between a user’s computer and the VPN, combining hash authentication, handshake encryption, and a cipher.
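The two channels are configured by different OpenVPN directives, so a configuration review has to check both. The following checker is an added example, not code from the article or from the OpenVPN project; the two sample configurations are constructed, and the lists of weak ciphers and digests are a policy assumed for the example.

```python
# Policy assumed for this example (not an official OpenVPN list).
WEAK_DATA_CIPHERS = {"NONE", "BF-CBC", "DES-CBC", "DES-EDE3-CBC", "RC2-CBC"}
WEAK_DIGESTS = {"NONE", "MD5"}
MIN_TLS = (1, 2)

# Constructed sample configurations.
WEAK_CONF = """\
# legacy server profile
proto udp
cipher BF-CBC
auth MD5
tls-version-min 1.0
"""

HARDENED_CONF = """\
proto udp
data-ciphers AES-256-GCM:AES-128-GCM
auth SHA256
tls-version-min 1.2
tls-crypt ta.key
"""


def parse_directives(text):
    """Return {directive: [args]} from OpenVPN config text (last one wins)."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":   # blank line or comment
            continue
        name, *args = line.split()
        directives[name] = args
    return directives


def audit(text):
    """Return (channel, message) findings for one configuration."""
    d = parse_directives(text)
    findings = []

    # Data channel: the cipher(s) that encrypt tunnelled traffic.
    ciphers = []
    for key in ("data-ciphers", "cipher"):
        if d.get(key):
            ciphers += d[key][0].upper().split(":")
    if not ciphers:
        findings.append(("data", "no cipher set; result depends on version defaults"))
    findings += [("data", f"weak cipher {c}") for c in ciphers if c in WEAK_DATA_CIPHERS]

    # HMAC digest used for packet authentication with non-AEAD ciphers.
    digest = (d.get("auth") or [""])[0].upper()
    if digest in WEAK_DIGESTS:
        findings.append(("hmac", f"weak digest {digest}"))

    # Control channel: the TLS handshake that negotiates the keys.
    tls_min = d.get("tls-version-min")
    if not tls_min:
        findings.append(("control", "tls-version-min not set"))
    elif tuple(int(p) for p in tls_min[0].split(".")) < MIN_TLS:
        findings.append(("control", f"tls-version-min {tls_min[0]} is below 1.2"))
    if not any(k in d for k in ("tls-auth", "tls-crypt", "tls-crypt-v2")):
        findings.append(("control", "no tls-auth/tls-crypt key protecting the handshake"))
    return findings


if __name__ == "__main__":
    for channel, message in audit(WEAK_CONF):
        print(f"{channel:8} {message}")
```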

2. IKEv2/IPsec

Microsoft and Cisco designed Internet Key Exchange version 2 to succeed IKEv1. IKEv2 creates a secure connection between a user’s device and the VPN server using a security association protocol (SA protocol) to authenticate the user’s device and the VPN server.  

IKEv2 uses a symmetric encryption key to authenticate the user’s device and the VPN server and establish a secure connection between them.

It is widely used on mobile devices to create reasonably secure and fast VPN connections, and it is preferred over OpenVPN for stability.

3. L2TP/IPsec

Internet Service Providers (ISPs) use the Layer Two Tunneling Protocol (L2TP) to support VPN operation.

L2TP uses a combination of PPTP (Point-to-Point Tunneling Protocol) and L2F (Layer 2 Forwarding Protocol) to create a secure connection between a user’s device and the VPN server.

L2TP slows internet connectivity speed, relies on IPsec to encrypt and authenticate data traffic between the user’s device and the VPN server, and does not have intelligent tools to bypass firewalls.

4. WireGuard

WireGuard is a new VPN protocol created to offer advantages in aspects where OpenVPN and IPsec are lacking.

Hence, it gives users a highly stable connection, a simple setup, and a lighter codebase of about 4,000 lines (which makes spotting bugs easier), about 1% of the size of OpenVPN’s and IPsec’s codebases.


Common VPN Encryption Protocols: Frequently Asked Questions

What are common VPN encryption protocols?

A VPN encryption protocol dictates how data is scrambled and secured while traveling between your device and the VPN server. Some of the most common VPN encryption protocols include:

  • OpenVPN: Known for its strong security and open-source nature, allowing for independent audits and scrutiny.
  • IKEv2/IPsec: A combination that offers a good balance of security and speed. IKEv2 handles the key exchange, while IPsec encrypts the data.
  • L2TP/IPsec: Similar to IKEv2/IPsec, L2TP acts as a tunneling protocol, and IPsec provides encryption.
  • WireGuard®: A newer, lightweight protocol that prioritizes speed and ease of use while maintaining strong encryption.
  • SSTP (Secure Socket Tunneling Protocol): A Microsoft-developed protocol that offers good compatibility with Windows devices but may be less secure than other options.

Which encryption protocols might be used to secure a VPN?

The specific protocol a VPN service uses depends on the provider. Most reputable VPNs offer a choice between several protocols, allowing you to prioritize security, speed, or compatibility based on your needs.


What encryption should I use for a VPN?

The ideal encryption protocol depends on your priorities:

  • For maximum security: Choose OpenVPN or IKEv2/IPsec.
  • For a balance of security and speed: Consider IKEv2/IPsec or WireGuard®.
  • For ease of use and compatibility: WireGuard® or SSTP might be suitable options (though keep security in mind with SSTP).

What are the 4 main types of VPN?

There isn’t a standardized categorization into “4 main types” of VPNs. However, VPNs can be broadly classified based on their functionality:

  • Remote Access VPN: Allows secure connection to a private network, often used for corporate access.
  • Site-to-Site VPN: Connects two separate networks for secure data exchange, commonly used by businesses.
  • Point-to-Point VPN: Creates a secure tunnel between two individual devices.
  • Mobile VPN: Designed for use with smartphones and tablets, often focusing on ease of use.

What are three types of protocols used by a VPN?

There isn’t a fixed set of three protocols used by all VPNs. The most common ones include OpenVPN, IKEv2/IPsec, L2TP/IPsec, WireGuard®, and SSTP. However, some VPNs might offer additional or less common protocols.

What are the 3 main protocols that IPsec uses?

IPsec itself is a suite of protocols, not a single protocol. The three main protocols within IPsec are:

  • Authentication Header (AH): Ensures data integrity and origin verification.
  • Encapsulating Security Payload (ESP): Encrypts data for confidentiality.
  • Internet Key Exchange (IKE): Establishes a secure tunnel and manages key exchange for encryption and authentication.

Wrap-Up: What Is The Best VPN Encryption Protocol?

Since WireGuard is a ‘work in progress’ VPN protocol, it is best to settle for OpenVPN protocol since it offers users speed, a highly secure connection, and a reasonably stable connection.

Although there are many more VPN protocols than listed here, it is best to choose a suitable one optimized for speed and data security. 

Note: This was initially published in July 2020, but has been updated for freshness and accuracy.



Exclusive Interview with Mark Stamford, CEO of OccamSec

In this exclusive interview, we spoke with Mark Stamford, CEO of OccamSec, to learn more about enterprise cybersecurity technologies, Radius vendor assessment, and their company offerings.

OccamSec is an information security company that provides penetration services. Founded in 2010, OccamSec has evolved into a leading cybersecurity technology provider for enterprises.

Here are Mark’s responses to our questions:

1. Question: Your company performs lots of penetration tests, what can you say about the cybersecurity state of most online systems you’ve tested?

Mark Stamford: The general state has improved. Security technologies continue to improve, as has the understanding of risk and security. There is a range of accepted “best practices” which, if followed, will deter the average hacker. The gaps that remain after that are really the ones that continue to be tricky to fix because they are tricky to find. A lot of our work is in this space: what are the technical issues that are going to cost me my company/job/etc., and how do we fix them?

The bigger issue is how organizations approach security. For all the articles we read about companies implementing security technologies, there are many more who are still considering how best to proceed, and even if they need to. Case in point: I was on a panel around cybersecurity, and one of the audience asked, “Why do we need computers?” I am going to assume their security is not so great.

2. Question: With Radius 2.0 recently released, what was the primary motive behind its initial launch and development?

Mark Stamford: There are two reasons. The first is that we work with a lot of companies and, almost universally, third-party risk management tools annoy people. We figured we should try and make a better one.

The second is that we believe that assessing the cybersecurity risk of an organization requires you to consider the vendors you use. Each one is a potential hole into your network. 20 years ago I used a data feed company to breach another; vendors are only more prevalent since then.

Radius enables us to provide a solution to solve our clients’ problems, and better assess how exposed they are.

3. Question: What are the core values you look after for individuals who wish to join your team?

Mark Stamford: OccamSec is a team, so the ability to play well with others is critical. For a long time, any new potential team member had to jump on a call with the whole company, if anyone got a bad vibe, or knew the candidate and that they wouldn’t fit, we would not proceed with them. We have eased up on that a little, but we still try to expose candidates to as much of the team as we can and make sure they are going to be a good fit.

We need people who are able to think and apply their knowledge to solving problems. Every project we do is different, from penetration testing a medical device, to physically breaching an oil facility, and everything in between. Enjoying solving problems, and realizing that the solution is different each time is key. Also realizing that you need to continuously learn to be good at your job. Technology, and security, are constantly changing, to be good at this you have to want to keep up.

Finally, we don’t do the corporate thing, we have no dress codes, no fixed office hours, you can talk about what you want, and we minimize office politics. Acceptance of that culture and the ability to thrive in it is vital.

4. Question: What counter-measures would you recommend to online entrepreneurs to minimize the risk of cyber-attacks?

Mark Stamford: First, try to not read too much coming out of the information security industry. So much is based around FUD (fear, uncertainty, and doubt). Instead think about what your business does, what you want to achieve, and how you want to achieve it. Spend some time considering how it could go wrong – what is your worst day? Then talk to someone in InfoSec and determine what the threats are, where you are vulnerable then fix them.

Too often we see tools being deployed as some kind of silver bullet. That never works, so save your money and start with some questions.

At a technical level, make sure you patch your software, this is the single easiest (and cheapest) way to lower your chance of having a problem.

5. Question: As a New York-based company, how is the presence of OccamSec in other continents? Are you planning on extending your reach anytime soon?

Mark Stamford: Our HQ is in NYC and then we have team members across the US. We also have a team in London and Dubai. With the UK leaving the EU we’re looking at spinning up a team in mainland Europe. There’s been some discussion around Australia, although it is very early.

One good thing about our work is we can employ people regardless of where they are, all you need is an internet connection.

6. Question: What have been your significant achievement(s) in 2020 so far?

Mark Stamford: Navigating the current pandemic and ensuring our staff is ok. While business goals are important, without our team we would not exist. I am proud of the way the team has been through this and the support they have provided each other.

Note: This was initially published in July 2020, but has been updated for freshness and accuracy.

