Access Control — Opinions

Cyberwar Incident Response at the Speed of Thought

In a combat situation, our soldiers wear and carry different types and amounts of equipment, compared to when they are on normal duties. In some high risk situations they’re expected to carry around 60 kilograms worth of kit, including their gun, ammunition, armour, helmet and boots.

Nick Race | 12 Apr | Read more

Do you have an Insider Threat Program?

Insider threats are increasingly on our radar, we saw a recent example in Australia with an Bluescope Steel employee taking out company documents. Also two scientists at Glaxo Smith Kline research scientists in another well publicised incident- Yu Xue and Lucy Xi, were charged with stealing trade secrets.

David Gee | 01 Apr | Read more

Best ways to protect Ecommerce site from cyber criminals

With the festive season fast approaching, online retailers everywhere will be busily preparing themselves to meet the bulk demands of customers but another community is also waiting in the wings. The festive season is a primetime for nefarious cyber criminals or hackers looking to steal important data of your customers. With passage of time, hackers are improving their skills and are founding quite innovative ways to trace online behavior and steal credentials of the customers.

Joy Mali | 20 Mar | Read more

Strange account management at Amazon

Via the RISKS mailing list comes an interesting tale of poor online account management at a major online retailer. According to Graham Bennett, accounts with Amazon display an odd behaviour that doesn't seem to have attracted much attention in the past.

Carl Jongsma | 09 Oct | Read more

Five lessons learned about computer security

Reformed hacker-turned-security-consultant Kevin Mitnick served five years in federal prison for breaking into phone and software company networks. He talks about his past hacking exploits, computer security, and how he turned an illegal hobby into a useful career.

Jarina D'Auria | 16 Jul | Read more

Hack a million systems - earn a job

It has been a number of years since the fantasy that hackers will be offered a job by those who they hacked was even a potential reality, but there are reports that this might still be the case in New Zealand.

Carl Jongsma | 16 Jul | Read more

When university research is responsible for that network probe

The Internet Storm Center, operated by SANS, is one of the leading sources when it comes to identifying emerging attacks against networks, through their DShield collaborative network analysis effort. Traffic spikes on network ports that are well above the normal rates of traffic flow can signify a rapidly spreading exploit or it could be a misconfigured network spewing rubbish across the rest of the Internet. One of the ISC's handlers noted a significant spike of traffic on port 7 recently and was surprised by what he found.

Carl Jongsma | 10 Jul | Read more

Online poker cheating demonstrates insider risk

When determining the risk to a system and the data stored on it, insider threats are generally regarded as lower risk. Despite the complete access (high risk) that insiders generally have, most of the time insiders are trusted agents (very low risk) on the network. When it breaks down, it can break down in a catastrophic manner, especially if there is money at stake.

Carl Jongsma | 18 Jun | Read more

How to limit what contractors can do on the network

Question: We have contractors perform a number of critical services, such as managing our IBM blade servers. These staff have to be on the LAN, and they're long-time contractors, so trust levels run pretty high, but I know they shouldn't be able to go everywhere on the LAN. How can I limit their access while still letting them do their jobs, and most important, not making them feel like I don't trust them?

Andre Gold | 17 Jul | Read more