Home/ CSIA 459/ Group items tagged security

Alvin Thomas

Cybersecurity -- Emerging Technologies in Cybersecurity « WHS WHS - 10 views

  •  
    This is a cool and insightful article regarding emerging cyber security technologies. 
  •  
    I think the part about centralizing a "single federal enterprise network" is a great idea. The federal government has started doing this with things such as the FDCC (Federal Desktop Core Configuration), as well as SCAP (Security Content Automation Protocol), but I think there still needs to be much more. Allowing each federal agency to have their own cyber security within the U.S. seems a little crazy. I think setting one agency to protect the national infrastructure, i.e., the borders of the U.S., down to each agency's front door needs to be standard. Agencies like DOD who have their own Cyber operations centers need to be properly trained and educated if they are going to defend infrastructure. Formalized training needs to be done at the federal level as well as the Civilian level. If you are going to be a security practitioner, you must have the credentials, and I am not talking just a Sec+. I think it is time we up the standards on who we call a CyberSecurity professional.
  •  
    Interesting article and objective given. Connecting government cyber operations centers, I think that this will be a huge and important step toward achieving a higher level of security. Good read!
Amy Harding

Security Pitfalls in Cryptography - 30 views

  •  
    Does this article from 1998 still hold true today?
  •  
    I believe this article is still very relevant. After reading Bruce Schneier's article, one of the things I took away was his comment regarding the inherent lack of security created by implementers of tamper resistant methodologies, such as smart cards, and biometric technologies. If these systems fail, we want to make sure that we can still access the resource which is being protected, so we tend to build insecure systems in place to bypass the tamper resistant security. In the end, things like biometrics and smart cards seem to be built more for convenience, instead of security. A similar effect is pointed out in the article when users give their access tokens to others so they can do their work. As long as the human element has control in the implementation of security, the risk of failure will always be there, no matter how great the security method is.
samuelrios

Homeland Security Drones Designed to Identify Civilians Carrying Guns - 4 views

  •  
    Recently uncovered government documents reveal that the U.S. Department of Homeland Security's (DHS) unmanned Predator B drone fleet has been custom designed to identify civilians carrying guns and track cell phone signals. "I am very concerned that this technology will be used against law-abiding American firearms owners," said founder and executive vice president of the Second Amendment Foundation, Alan Gottlieb.
  •  
    Good read. After reading this and another related article (http://news.cnet.com/8301-13578_3-57572207-38/dhs-built-domestic-surveillance-tech-into-predator-drones/), there's a fine line which must be established before the full use of this technology, however it does raise concerns for the future in terms of privacy. Its primary purpose for homeland security is to survey the borders of the United States. There are certainly risks involved in its use. Ensuring that this technology is effectively secured from attacks to its onboard weapons and communications systems is equally important to the issues raised in the articles.
  •  
    Good post. I've heard chatter about drones being flown over the USA before. I could see the benefits of using drones for recon and counter terrorism, but this opens the door for much larger issues. Where will the line be drawn in the sand as far as citizen privacy and avoiding the "big brother" hysteria?
  •  
    The power these drones represent is incredible. I can easily see how they can (and will be) abused. As Jammes pointed out, the primary purpose of DHS is securing our nation's borders, yet I have read of DHS raiding people's homes because of an "improperly" imported car! Not to sound like I am about to put a tinfoil hat on, but I do see the distinct possibility of the banning of firearms in this country as happened in England in 1997. These tools will be in place well before that day.
  •  
    The use of Drones in the field as a tool to fight the fight on the borders is one thing, using them as a tool to fight terrorism is still another, but using them as a tool to spy on the people of the United States is another. I think this is one that the United States Supreme Court will be deciding soon.
Phil Kemp

Massive casino scam pulled off via CCTV system compromise - 4 views

  •  
    While society is looking to use technology for its benefits, there are many pitfalls, and adverse uses for this same technology. This article discusses how the use of CCTV systems for ensuring that players do not cheat was used against the same system, to do the very thing it was protecting against. We as technology professionals should be very cognizant of the security risks that the technology we recommend or put in place, may have alternate uses, which may be used against us, and thereby causing more damage than it helped to protect.
  •  
    Good article and I like the site. Haven't been there before. Looks like a good site to find out current news articles for another class I'm taking. Thanks!
  •  
    I read about the scam shortly after it happened, but the article I read didn't provide nearly as many details. Thanks for the article and I think there might be more people unemployed than just the VIP services manager.
  •  
    Phil, you are so right about an organization's own security technology being used against them. This is a great example of that. It is important when implementing technology to fully analyze its impact, that includes vulnerabilities and threats. A good change management policy can help reveal problems like this. I wonder if there was an insider involved or maybe the casino failed to properly protect the network.
  •  
    Phil, this is very interesting. You would have thought the casino would have better security than that on their system. It also surprises me that if you were in a game with that much money why did they not see the receiver the person had. A simple pat down could have revealed it. It is scary what technology can do in the wrong hands. Lee
  •  
    Winning is one thing, but stacking the deck is another. I would have thought that a casino would have a better way of securing their systems. Ben
Amy Harding

http://www.safegov.org/media/46155/measuring_what_matters_final.pdf - 3 views

  •  
    Agencies must establish a unique baseline threat assessment and automate monitoring to ensure good cybersecurity, says a SafeGov report released Tuesday.
  •  
    SafeGov has an interesting approach to cybersecurity. I feel the framework is an effective way to approach security. Ben
  •  
    The legislation proposal aims at achieving cybersecurity due to increased network threats in government and in organizations. Educating the public and the use of cyber security technologies have great impacts on government agencies. Our government department complies with NIST and ISO/IEC, and the two bodies help in enhancing privacy and security in the national and international levels. It is important to identify efficient operational, technical and management security controls in a comprehensive computer security plan. Risk assessment in management control assists in identification of risks and in putting up risk assessment policies. Operational controls have their basis on restrictions to access information resources and in user permissions. Sam
Marie Arrington

Six security issues to tackle before encrypting cloud data - 1 views

  •  
    Concern about security and privacy in the cloud will drive adoption of cloud encryption systems, but Gartner warns there are six security issues that businesses should tackle. The expected compound annual growth rate of software as a service (SaaS) from 2011 to 2016 is 19.5%, platform as a service (PaaS) 27.7%, infrastructure as a service (IaaS) 41.3% and security services spending 22%.
Amy Harding

The 15 worst data security breaches of the 21st Century - CSO Online - Security and Risk - 9 views

  •  
    Interesting read, the Dept. of VA breach is a good reminder about physical security. It seems that quite often we focus so much on the technical that the fundamental is overlooked. I find it interesting that they have Stuxnet on this list. It is my understanding that Stuxnet was not really a data breach but more of a process breach.
paksingtham

Growing Data Security Concerns to Drive Global Market for Keystroke and Typing Dynamics... - 4 views

  •  
    I can't see this being used much for single factor authentication, but I could certainly see it being used on top of a username/password setup to bolster the security of that password. Another useful application for this would be to augment an anomaly based IDS running on the user's system. If keystroke patterns/dynamics exceed standard deviation, an alert could be sent to the help desk or security, who could then verify the identity of the user.
  •  
    I could see some companies implementing keystroke and typing dynamics depending on their sector and security posture. However, depending on the sensitivity of the software, they could receive a lot of false positives. I've personally noticed my typing speed fluctuates drastically depending on the time of day. Nevertheless, I could see more companies deploying the software depending on their budget.
  •  
    It seems that there are way too many variables for this technology to really take off. I agree with Trevor that there is potential for a high volume of false positives. I also see potential for a high volume of false negatives. This technology seems as though it could end up being extremely frustrating for the end user.
Amy Harding

Down the Security Rabbithole - 0 views

  •  
    If you like podcasts this is interesting - helping to understand that security does not really exist and instead we are just managing risk.
Marie Arrington

UW Experimental Computer Engineering Lab - Securing Emerging Technologies - 0 views

  •  
    Unexpected security risks can arise with new, emerging computer technologies. We seek to stay one step ahead of the "bad guys" and identify, measure, and learn from their risks before actual threats manifest. We co-led the first experimental study of the computer security properties of wireless implantable medical devices.
Gilbert Rivera

Secure, Dependable and High Performance Cloud Storage. - 0 views

  •  
    Cloud Data Storage: Annotated Bibliography. The authors in the document provide technical details on securing data on the cloud. It guides system administrators on the use of Access Control Lists (ACLs), program scripting, and how to implement several methodologies and techniques to maintain a high level of security of data in the cloud. This is a very technical report but is helpful to show insight on how system administrators maintain a secure backbone in the cloud.
Gilbert Rivera

EBSCOhost: Storing Information in the Cloud - A Research Project - 0 views

  •  
    Cloud Data Storage: Annotated Bibliography. In this research document, the authors provide us with a study of data storage in the cloud. It focuses on the management, operation and security of data stored for long periods of time in the cloud. This item is useful for the fact that it can present several demographics to business regarding cloud computing security, data storage functionality and also cites several business surveys that can assist organizations in making the decision to migrate to cloud computing services and data storage.
Marilyn Morgan

Naked Security - 2 views

  •  
    Naked Security - Computer security news, opinion, advice and research.
  •  
    This site has great daily news on a variety of security topics from malware to privacy. I like the blog post styled interface that this site incorporates. This sets it apart from standard news feed sites.
  •  
    Thank you for the link. This is a good source of quick news bites.
Amy Harding

Cryptographic Module Validation Program (CMVP) - 8 views

  •  
    Read and explore this NIST website. Do you see any products that you are familiar with? Can you determine how this program enhances the security of these products?
  •  
    After looking through the website, I found the Vendor list for 140-2, which provides what I would think is the complete product list of Vendors and products which meet the standard. A couple items which meet the standard are Microsoft Windows 7 BitLocker Drive Encryption, and Research In Motion's BlackBerry Cryptographic Kernel. It is important that the CMV Program is in place within the U.S. If we are going to rely on encryption to keep our secrets safe, then the products we use to encrypt our data need to be checked to ensure they are secure.
Amy Harding

Scope Of APTs More Widespread Than Thought - Dark Reading - 3 views

  •  
    Researcher uncovers hundreds of different custom malware families used by cyberspies -- and discovers an Asian security company conducting cyberespionage
  •  
    This article raises some serious questions in my opinion. As we move more into an environment where cyber warfare is to be used against different countries, where are the lines drawn between declaring war? As this article discusses, it is not as easy to see who actually was behind the attack, and an attack coming from Chinese, or some other country's IP space, is not necessarily a state sponsored attack, nor is it necessarily coming from someone inside the country. In a hack back scenario, it could be determined after the fact that whatever country was thought to initiate the first move, was actually a victim of a "zombie/bot" type of controlled attack that was actually initiated in another country. Can you say, Wargames? Edited 3222013: as I spoke yesterday, today guess what? http://news.yahoo.com/skorea-misidentifies-china-cyberattack-origin-071350510.html
Amy Harding

The Security Content Automation Protocol (SCAP) - NIST - 5 views

shared by Amy Harding on 06 Mar 13 - Cached
  •  
    Using the links to the left of the screen, click around the SCAP website and think about how this protocol could help organizations manage their security vulnerabilities. Does your organization use SCAP?
Amy Harding

Security Requirements for Cryptographic Modules - 4 views

  •  
    This standards publication (FIPS 140-2) is a key standards document. Skim through it and see if you can find some ideas for emerging threats against the standard(s).
  •  
    FIPS 140-3 is on its way and is needed as 140-2 is quite old now. Interestingly however, crypto is one of the slower moving changes in information security. Many of our algorithms have been around for many years; we have moved forward by increasing key size rather than changing the algorithms. AES and 3DES are still FIPS approved, whereas RC4 is not (which is used by many internet giants such as Google and Facebook).
  •  
    Any time you are allowed to introduce code into a program, you have a chance for error. By allowing cryptographic software and firmware to be updated, I think you will always have the chance for emerging threats to be introduced in the form of malware. Recently, the U.S. has stopped allowing the use of Chinese built hardware for certain DOD/Federal agencies. If we allow the enemy to build the devices we use to form our security foundations, we have already lost the war.
  •  
    I believe the frequency of review of this policy is untimely to the speed technology advances in. If they could move the review from 5 years to 2 years, that will suffice. At times, once the policy is published folks are already working on the revision to keep up with technology growth. "Since a standard of this nature must be flexible enough to adapt to advancements and innovations in science and technology, this standard will be reviewed every five years in order to consider new or revised requirements that may be needed to meet technological and economic changes."
Amy Harding

Biometrics and Cyber Security - 8 views

  •  
    Review the presentation.
  •  
    This article does mention balancing some weaknesses of biometrics. The one weakness that is common right now among these systems is the use of usernames and passwords to form a secondary means of accessing the system once the biometrics no longer work. With the implementation of multi-modal systems, this could be resolved. The article also discusses international based systems, which could be difficult; personal information is a source of contention between many countries. Where is the information stored, and what laws become enforceable depending on the user's point of presence?
  •  
    Interesting article, thank you for posting it. As Phil and the article mentioned, where is this information stored? The security of this information is deeply concerning. Not that I am a conspiracy theorist but I really do not want my biometric information to be stored on some database. I remember when my daughter was young there was a push to have your child's DNA sample taken and stored in case it was ever needed in the event the child was kidnapped or lost. After thinking about it back then I just did not see how the government having her DNA sample was a good thing. Of course if she ever committed a crime I would like to think that I would want her punished for the crime but being a parent I also know that I would do anything to protect her, so why would I give the government a readily available DNA sample for them to identify her with. In the event a sample was needed because of some terrible event happening to her one could be provided through other methods. Just my thoughts.
  •  
    I just posted up an article on fooling biometric fingerprint scanners. Facial scanners can be fooled with photos: http://thehackernews.com/2011/11/android-facial-recognition-based.html The danger is that while one can get a new password or smart card if the old is compromised, you only have one face, two eyes and 10 fingers to use for ID and can't get new ones when someone figures out how to compromise them.
  •  
    Thanks for the posting especially since my project deals with Ambient Intelligence wherein biometrics can be an integral part of its implementation. One of the most common and frequent incidents in Service Management is authentication. Whether it is with entering secure facilities or logging into computer systems both in the office and remotely, people tend to forget their credentials. Consequently, this causes a loss in productivity as someone tries to regain their access to systems or for system administrators to provide them with temporary access. Ambient intelligence and biometrics may seem as a viable solution since the physical characteristics are intrinsic in each individual. This presentation presents me with the cybersecurity flaws and weaknesses that should be mitigated.
  •  
    Biometrics is always something I have found to be fascinating. Because, like this article stated, no one knows who you are on the other end of that computer, so being able to authenticate that in some sort of method is a great thing.
Amy Harding

Blueprint for a Secure Cyber Future - 30 views

  •  
    This document is used for your Week 1 discussion questions.
Trevor Pyle

Apple's Password-Reset Security Breach - 1 views

  •  
    Apple has fully implemented multifactor authentication, but not without some security issues for their users. Since Apple has fixed the flaws, the article covers the steps in the vulnerability.