security 101


Federal and State laws, as well as industry regulations, are major drivers in the security industry, and none are probably more far-reaching and controversial than the Payment Card Industry Data Security Standard (PCI DSS). Here, Fortinet provides an overview of PCI DSS and what you need to know about this regulation. It's not a law. Unlike data security laws that are created by legislators, PCI DSS is a worldwide regulation crafted by the PCI Security Standards Council, which is an open, global forum founded by: American Express, Discover, JCB... [Read More]
by UnAttributed  |  Jan 15, 2014  |  Filed in: Security 101
You get a message in your inbox that appears to be from the popular online retailer Amazon.com, claiming that there was an error with your recent order. All you have to do is confirm who you are with login credentials or a credit card number, and they will be sure to address the glitch and reroute your package as soon as possible. The message looks convincing - yet you don't really remember ordering anything on Amazon in the recent past. Or did you? (Image courtesy of Richard Henderson.) In reality, the e-mail is not from Amazon - or any other... [Read More]
by Stefanie Hoffman  |  Dec 04, 2013  |  Filed in: Security 101
Intrusion prevention system, or IPS, is like the secret ingredient in a favorite recipe -- it is rarely consumed by itself, but most security suites and Unified Threat Management devices wouldn't be considered complete without it. In fact, it's often taken for granted. IPS is a vital component of any comprehensive security solution and a necessary part of a compliance-driven environment. And while it is one of the most traditional security solutions on the market, its features continue to evolve to tackle a maelstrom of modern attacks. Essentially... [Read More]
by Stefanie Hoffman  |  Nov 13, 2013  |  Filed in: Security 101
Preventing an organization's most valuable and critical information from walking out the door is one of the biggest challenges facing IT and security administrators. It's also a pain point that routinely keeps them up at night. Perhaps most of the time, data loss is unintentional, attributed to employees that unknowingly violate security policy or attempt to get around e-mail based security solutions by using a personal Web-based e-mail, IM or online file sharing application to transmit sensitive documents. That said, the consequences of lost... [Read More]
by Stefanie Hoffman  |  Oct 09, 2013  |  Filed in: Security 101
Gone are the days when Application Control was considered a luxury. Or even a kind of security value-add. In fact, it's safe to say that, for any business with an Internet connection, the ability to secure and manage applications is not only a necessity but an inherent component of IT infrastructure. That said, Application Control has come a long way since its inception. And it's had to. Its rapid evolution is driven, in part, by the fact that security solutions for other components in the network have already reached their stride. Many firewalls,... [Read More]
by Stefanie Hoffman  |  Sep 25, 2013  |  Filed in: Security 101
Software defined networking: By now most are in the process of becoming familiar with its myriad benefits. At first blush, it appears to be yet another technology trend and faddish buzz-word that has captured the attention of the media and IT industry alike. But behind all of the hype is a fundamentally new technology that holds a strong potential to transform the IT industry. Here's why: Prior to SDN, networking entailed a labor-intensive manual process requiring a lot of coordination and installation of physical hardware managed through a command... [Read More]
by Stefanie Hoffman  |  Sep 12, 2013  |  Filed in: Security 101
No doubt, security would become a lot easier if every malicious IP client came with its own red flag. But, as with most things in life, it's almost never quite that easy. That said, there are a few ways to identify suspicious behavior before the onset of Advanced Persistent Threats or other malicious exploits. Here are a few warning signs that herald danger ahead, according to Fortinet's new white paper "Detecting What's Flying Under the Radar: The Importance of Client Reputation in Defending Against Advanced Threats." One Too Many Failed Connections: Malware... [Read More]
by Stefanie Hoffman  |  Sep 04, 2013  |  Filed in: Security 101
With the explosive rise of smartphones and tablets used in the workplace, wireless networking has moved past optional and into the realm of necessity for almost all organizations. Among other reasons, most users these days have little time or patience to run copious wires through their homes or offices. Subsequently, it stands to reason that wireless security also has become a top priority. How different organizations implement wireless security is a point of comparison. Organizations such as government agencies, financial services, or health care... [Read More]
by Stefanie Hoffman  |  Aug 29, 2013  |  Filed in: Security 101
Let's face it, there is a lot of confusion about Next Generation Firewalls and how they differentiate themselves from Unified Threat Management (UTM) devices, secure Web, and email security gateways. The myriad terms used to describe them are often used interchangeably -- and all too often incorrectly. So what exactly is a Next Generation Firewall (NGFW)? Gartner defines a NGFW as an "in-line security control that implements network security policy between networks of different trust levels in real time." If nothing else, a NGFW provides a... [Read More]
by Stefanie Hoffman  |  Aug 21, 2013  |  Filed in: Security 101
By now, most are familiar with the concept of phishing, when an attacker baits a victim by sending out a persuasive social engineering message coupled with a malicious link or attachment. And even spear phishing, where the attacker similarly reels in an intended target, only with highly personal information available via social media and Internet searches. But SMShing? Perhaps not surprisingly, the same concept applies to SMS messages. As its name might suggest, SMShing is defined as the act of sending a fraudulent URL or phone number via SMS,... [Read More]
by Stefanie Hoffman  |  Aug 14, 2013  |  Filed in: Security 101