Many years ago, one of my customers had an internet-facing application. They positioned load balancers in front of the application to support the growing traffic load. Traffic to the website was growing so fast that parts of the network infrastructure could not support the customer load.
If you have signed into Gmail and noticed that you were also able to access Google portfolio apps such as Google Maps, YouTube, Google Play, Google Photos and other Google applications, you are already using SSO! The user logs in once to a Google account, and has access to other Google applications.
Security is an ever-evolving concept in theory and application. It is important to deploy and leverage technologies that can adapt and change with our security models. In the technology world, when the networking and application protocols were initially developed, minimal thought was given to security. Protocols like Telnet, FTP, DNS, SMTP, and even HTTP were designed for function and user experience, not integrity.
The following is an excerpt from our 2016-2017 Global Application & Network Security Report, contributed by the Enterprise Security and Risk Management Team at Tech Mahindra.
Happy New Year! Another year has come and gone in the blink of an eye. 2016 brought with it several interesting threats and attacks in the cyber-security space, among them the largest DDoS attack in history, the enslavement of Internet of Things (IoT) devices by botnets, the rise of cyber ransom and more – all of which we have dutifully reported here on the Radware Blog.
You, our readers, are what drive our dedication and commitment to industry insight. So what did you think of 2016? We’ve compiled a list of the top 5 blogs you most loved from last year.
Social Engineering is a process of psychological manipulation, more commonly known in our world as human hacking. The sad reality behind Social Engineering is that it is very easy to do. In fact, it’s so easy that even a teenager can do it and destroy your company, all on a Friday night. The goal is to have the targeted victim divulge confidential information or give you unauthorized access because you have played off their natural human emotion of wanting to help. Being nice is a human trait, and everyone wants to be kind and helpful. If you give someone the opportunity to save the day or to feel helpful, they will most likely divulge the information required. Most of the time the attacker’s motives are to gather information for a future attack, to commit fraud, or to gain system access for malicious activity.
Hypertext Transfer Protocol (HTTP) is the protocol used primarily for communication between the user’s browser and the websites that users are accessing. Introduced in 1991, with a major revision in 1999 to HTTP 1.1, the HTTP protocol has many limitations. In 2009, engineers at Google redesigned the protocol in a research project called SPDY (pronounced “speedy”) to address some of HTTP 1.1’s limitations.
Websites in the early 90’s, when HTTP was introduced, were markedly different from today’s websites. In February 2015 the Internet Engineering Task Force (IETF) introduced a new version, HTTP/2, to keep up with the evolution that the internet has undergone since the early 90’s.
Most recently I traveled to Mexico City in large part to support a tradeshow and presentation I was to deliver at Segurinfo Mexico 2016.
My hat’s off to the organizers of Segurinfo Mexico 2016, which is held in Mexico City every year, as they held a very powerful event! Over the past few years this event has continued to build attendance and interest at a brisk pace, achieving a record high attendance and a wonderful gathering of vendors and practitioners alike. All in all, I believe that if one couldn’t learn something from the Segurinfo Mexico 2016 show, then the problem probably lay more with the seeker than with the organizers of this show!
You never know what you are going to get when you take something from a box of chocolates. I can guarantee you that sometimes you will get one that you like, and other times, well, you know. When I was younger, my mom used to pick up a chocolate and poke through the bottom of it to see what was inside. If she didn’t like it, she would put it back in the box for someone else (read: the kids) to eat.
Managing security on the network is very similar. There are many different types of attacks and it is important to have security solutions that can manage as many as possible. Some of the attacks are easy to identify and mitigate, while others are less appetizing to deal with. Different attack types need to be detected and mitigated. Like my mom, some attacks are better suited to be identified in one location and mitigated (eaten) in another.
According to Gartner, on average, 28 percent of IT spend occurs outside the IT department today. IT behind IT’s back, commonly called shadow IT, is primarily driven by easily available cloud services. Mobile growth and shifting work practices further enable shadow IT, as employees want to work from anywhere. Shadow IT typically consists of services and applications that an organization’s IT department has had no role in selecting or vetting; IT may not even be aware that these services and applications are being used within the network.
Convenience and productivity are often the drivers for adopting shadow IT. Employees deploy solutions that are not approved by their IT departments, and many times the reasoning is that going through the traditional route for approvals is too complicated or time-consuming.