Tech-2 Security

Site maintained by Lee Duke. Security Consultant

Genuine Phishing Attempt Explained

Get link
Facebook
X
Pinterest
Email
Other Apps

May 09, 2010

Not a very technical document, but explains the basics
PDF Document

Tech-2 Posts

Get link
Facebook
X
Pinterest
Email
Other Apps

Comments

Email Retention Policies

May 15, 2019

Many companies have little to no email retention policies in place. The idea here is to ensure that if a business related email is required, it can be recovered for up to a 6 year period. However it has also been raised that 6 years may not actually be sufficient when projects which are completed over a long period of time are concerned. Therefore 6 yrs from time of project completion should be the consideration. In some cases financial data may need a slightly longer period of retention to match other financial requirements. The question is how do you manage this type of thing. Users have the ability to delete their emails etc and therefore relying on users to manage their own mailboxes completely may not be the best option. Many companies opt for an email archiving solution which provides a copy of every email in and out to be stored safely and all access to these stored messages audited for compliance. With the adoption of cloud email services thi...

Is your company ready for GDPR ?

May 07, 2017

What is it ? Put simply it is a set of new policies adding to the current Data Protection Laws in the EU. Companies will be required to respect "the right to be forgotten". This means that you must be fully in control of your data in such a way that all digital traces pertaining to any individual must be fully deleted should the request be made. Whats is in scope ? Basically all of your data must be cleansed of any identifying data if requested. This will include all past and present data including archives and backups. What if I dont comply with a request ? Penalties will be imposed of up to 4 percent of worldwide turnover. How should this be implemented ? You will need to be able to demonstrate a process which is implemented and fully documented which complies with each request. What problems need to be overcome ? The biggest issue is knowing your data. In other words having fully indexed data and systems which will ensure this can be conducted in a tho...

Athena Spyware and EternalRocks

May 24, 2017

Wikileaks last week released documents detailing an application created by the CIA used to covertly monitor and control virtually any current version of Windows. Basically the application named Athena is spyware which gives full rights over the PC to the control. There is even a full user guide. HERE . And there is also news of a rival to Wannacry called EternalRocks which has the potential to be even more destructive. Eternal rocks makes use of seven of the NSA exploits leaked. Wannacry used two of the exploits. At present there is no reported activity related to this malware but it is very covert and includes serveral techniques to avoid detection. So the question is, who are the bad guys? The ones who leak the information or the ones who know about it but decide not to tell anyone? We know in reality that the bad guys are already two steps ahead of the authorities when it comes to CyberSecurity so would it not be in everyones interest if th...