Tech-2 Security

Site maintained by Lee Duke. Security Consultant

Genuine Phishing Attempt Explained

Get link
Facebook
X
Pinterest
Email
Other Apps

May 09, 2010

Not a very technical document, but explains the basics
PDF Document

Tech-2 Posts

Get link
Facebook
X
Pinterest
Email
Other Apps

Comments

Is your company ready for GDPR ?

May 07, 2017

What is it ? Put simply it is a set of new policies adding to the current Data Protection Laws in the EU. Companies will be required to respect "the right to be forgotten". This means that you must be fully in control of your data in such a way that all digital traces pertaining to any individual must be fully deleted should the request be made. Whats is in scope ? Basically all of your data must be cleansed of any identifying data if requested. This will include all past and present data including archives and backups. What if I dont comply with a request ? Penalties will be imposed of up to 4 percent of worldwide turnover. How should this be implemented ? You will need to be able to demonstrate a process which is implemented and fully documented which complies with each request. What problems need to be overcome ? The biggest issue is knowing your data. In other words having fully indexed data and systems which will ensure this can be conducted in a tho...

Application Control In The Workplace Using the Fortigate UTM

March 29, 2011

Whether you are a small or enterprise size business, controlling internet application usage can become a major productivity not to mention security issue. With the ever growing number of applications available to users the problems escalate. Facebook, Instant Messenger and online gaming to name a few are difficult to manage with traditional Firewalls. Typically, for example Port 80 may be allowed for users to access the internet, howvever many of these applications use Port 80 to "get out" on. Also most applications are able to port hop and find open ports to use, making allowing or blocking a difficult if not impossible task. Fortinet offer a solution to this by integrating Application Control into their UTM appliances. Regardless of the Application or Port Fortinet are able to inspect the traffic and pinpoint applications being used. Depending on the application type there are several actions which can be taken with multiple levels of configuration and granularity. A...

SHA-1 Certificates will be rejected by the latest browsers.

May 11, 2017

Websites and systems protected using certificates using Sha-1 algorithms will no nonger be accepted by new browsers. IE11 and Chrome for example wont allow a user to continue on to the site regardless. Most public CA's have been issuing more scure certificates for some time now, however many internal CA's are still using Sha-1 to sign their certificates. Its time to check and upgrade/reconfigure if you want your systems to keep running smoothly. Microsoft for example has several articles on how to deal with the situation in their support site. I recently helped a customer running Windows Server 2008 Domain to upgrade their CA to issue the higher security certs.